Permalink
Browse files

Cookie parsing handles invalid URL-encoded cookies (fixes #51)

  • Loading branch information...
weavejester committed Mar 17, 2012
1 parent cf038f7 commit e2eb01fde0e7756334bfbdeb498088a63b4c6ffd
Showing with 11 additions and 5 deletions.
  1. +6 −5 ring-core/src/ring/middleware/cookies.clj
  2. +5 −0 ring-core/test/ring/middleware/test/cookies.clj
@@ -45,11 +45,12 @@
(defn- normalize-quoted-strs
"Turn quoted strings into normal Clojure strings using read-string."
[cookies]
- (for [[name value] cookies]
- (let [value (codec/url-decode value)]
- (if (.startsWith ^String value "\"")
- [name (read-string value)]
- [name value]))))
+ (remove nil?
+ (for [[name value] cookies]
+ (if-let [value (codec/url-decode value)]
+ (if (.startsWith ^String value "\"")
+ [name (read-string value)]
+ [name value])))))
(defn- get-cookie
"Get a single cookie from a sequence of cookie-values"
@@ -72,6 +72,11 @@
(is (= {"Set-Cookie" (list "a=hello+world")}
(:headers resp)))))
+(deftest wrap-cookies-invalid-url-encoded
+ (let [req {:headers {"cookie" "a=%D"}}
+ resp ((wrap-cookies :cookies) req)]
+ (is (= {} resp))))
+
(deftest wrap-cookies-keep-set-cookies-intact
(let [handler (constantly {:headers {"Set-Cookie" (list "a=b")}
:cookies {:c "d"}})

0 comments on commit e2eb01f

Please sign in to comment.