sjs/http-cookie
1
0
Fork 0
mirror of https://github.com/samsonjs/http-cookie.git synced 2026-04-27 14:57:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Cookie#max_age= should reject malformed strings.

Browse source
This commit is contained in:
Akinori MUSHA 2013-04-07 23:07:20 +09:00
parent f5f82c0304
commit 9e46ce0d30
2 changed files with 25 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/http/cookie.rb
View file

@ -195,7 +195,7 @@ class HTTP::Cookie
origin = val origin = val
when 'max_age' when 'max_age'
# Let max_age take precedence over expires # Let max_age take precedence over expires
max_age = val if val max_age = val
else else
setter = :"#{skey}=" setter = :"#{skey}="
__send__(setter, val) if respond_to?(setter) __send__(setter, val) if respond_to?(setter)
@ -494,6 +494,8 @@ class HTTP::Cookie
else else
str = check_string_type(sec) or str = check_string_type(sec) or
raise TypeError, "#{sec.class} is not an Integer or String" raise TypeError, "#{sec.class} is not an Integer or String"
/\A-?\d+\z/.match(str) or
raise ArgumentError, "invalid Max-Age: #{sec.inspect}"
sec = str.to_i sec = str.to_i
end end
if @session = sec.nil? if @session = sec.nil?

22
test/test_http_cookie.rb
View file

@ -586,6 +586,28 @@ class TestHTTPCookie < Test::Unit::TestCase
assert_equal true, cookie.expired? assert_equal true, cookie.expired?
end end
def test_max_age=
cookie = HTTP::Cookie.new(cookie_values)
assert_raises(ArgumentError) {
cookie.max_age = "+1"
}
assert_raises(ArgumentError) {
cookie.max_age = "1.5"
}
assert_raises(ArgumentError) {
cookie.max_age = "1 day"
}
assert_raises(TypeError) {
cookie.max_age = [1]
}
cookie.max_age = "12"
assert_equal 12, cookie.max_age
cookie.max_age = -3
assert_equal -3, cookie.max_age
end
def test_session def test_session
cookie = HTTP::Cookie.new(cookie_values) cookie = HTTP::Cookie.new(cookie_values)