Posted to commits@shiro.apache.org by lp...@apache.org on 2023/05/02 18:37:13 UTC

[shiro] branch main updated: bugfix(jakarta-ee): catch illegally-formatted cookies and print out warning instead of failing

This is an automated email from the ASF dual-hosted git repository.

lprimak pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/shiro.git


The following commit(s) were added to refs/heads/main by this push:
     new d64f92a12 bugfix(jakarta-ee): catch illegally-formatted cookies and print out warning instead of failing
d64f92a12 is described below

commit d64f92a12d999d8bc1d6a229a9656c5aec2d58e7
Author: lprimak <le...@flowlogix.com>
AuthorDate: Tue May 2 13:36:32 2023 -0500

    bugfix(jakarta-ee): catch illegally-formatted cookies and print out warning instead of failing
---
 .../java/org/apache/shiro/ee/filters/FormResubmitSupport.java | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java
index ed207d462..384c84d88 100644
--- a/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java
+++ b/support/jakarta-ee/src/main/java/org/apache/shiro/ee/filters/FormResubmitSupport.java
@@ -444,9 +444,14 @@ public class FormResubmitSupport {
         cookieManager.getCookieStore().add(new URI(savedRequest), sessionCookie);
         for (Cookie origCookie : originalRequest.getCookies()) {
             if (!origCookie.getName().equals(sessionCookieName)) {
-                HttpCookie cookie = new HttpCookie(origCookie.getName(), origCookie.getValue());
-                cookie.setPath(servletContext.getContextPath());
-                cookieManager.getCookieStore().add(new URI(savedRequest), cookie);
+                try {
+                    HttpCookie cookie = new HttpCookie(origCookie.getName(), origCookie.getValue());
+                    cookie.setPath(servletContext.getContextPath());
+                    cookieManager.getCookieStore().add(new URI(savedRequest), cookie);
+                } catch (IllegalArgumentException e) {
+                    log.warn("Form Resubmit: Ignoring invalid cookie [{} - {}]",
+                            origCookie.getName(), origCookie.getValue(), e);
+                }
             }
         }
         return HttpClient.newBuilder().cookieHandler(cookieManager).build();
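Review bot: The `log.warn` call added in the catch block writes `origCookie.getValue()` to the log. Cookie values are client-supplied and can carry tokens or session identifiers for other applications on the same host, so a single malformed cookie would put that material into log files at WARN level. As far as the documented contract of `java.net.HttpCookie` goes, the constructor rejects a cookie on its name, so the name alone identifies the skipped cookie: `log.warn("Form Resubmit: Ignoring invalid cookie [{}]", origCookie.getName(), e);`. The name also comes from the request, so it is worth confirming that the logging layout neutralizes CR/LF and other control characters. The enclosing method begins outside the hunk.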