parent
2cd7e903bc
commit
2a6003c5d2
@ -40,6 +40,8 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import static org.apache.commons.lang.StringUtils.isBlank;
import static org.apache.commons.lang.StringUtils.isNotBlank;
@ -68,6 +70,8 @@ public class LoginCommand extends Command {
static final String ACCESS_TOKEN = "wb-access-token";
static final String ACCESS_SECRET = "wb-access-secret";
static final Pattern cookieKeyDisallowedCharacters = Pattern.compile("[^a-zA-Z0-9\\-!#$%&'*+.?\\^_`|~]");
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
@ -83,7 +87,7 @@ public class LoginCommand extends Command {
CommandUtilities.respondError(response, "missing parameter '" + API_ENDPOINT + "'");
return;
}
String mediawikiApiEndpointPrefix = mediawikiApiEndpoint + '-';
String mediawikiApiEndpointPrefix = sanitizeCookieKey(mediawikiApiEndpoint + '-');
if ("true".equals(request.getParameter("logout"))) {
manager.logout(mediawikiApiEndpoint);
@ -268,4 +272,13 @@ public class LoginCommand extends Command {
return str.replaceAll("[\n\r]", "");
}
}
/**
* Removes special characters from cookie keys,
* replacing them by hyphens.
*/
static String sanitizeCookieKey(String key) {
Matcher matcher = cookieKeyDisallowedCharacters.matcher(key);
return matcher.replaceAll("-");
}
}
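Review bot: The character class in `cookieKeyDisallowedCharacters` (the `@ -68,6` hunk) keeps `?`, yet RFC 2616 lists `?` among the separators excluded from a token, which is what RFC 6265 requires a cookie-name to be, so an endpoint carrying a query string still yields a name that a strict cookie processor may reject; dropping the `?` from the class fixes that. The replacement in `sanitizeCookieKey` (the `@ -268,4` hunk) is also lossy: `-` is itself an allowed character, so `/`, `:` and `-` become indistinguishable and two distinct endpoints can map to the same cookie key, which matters because the endpoint appears to come from the request parameter validated just above in the `@ -83,7` hunk. I would record that in the Javadoc, e.g. `* The mapping is not injective ('/' and '-' both yield '-'), so distinct endpoints can share a key.`, and consider appending a collision-resistant suffix such as a hash of the original endpoint if per-wiki cookie isolation is required. `doPost` begins inside the `@ -68,6` hunk but its body runs outside the view.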
@ -40,7 +40,7 @@ import static org.testng.Assert.*;
public class LoginCommandTest extends CommandTest {
private static final String apiEndpoint = "https://www.wikidata.org/w/api.php";
private static final String apiEndpointPrefix = apiEndpoint + "-";
private static final String apiEndpointPrefix = sanitizeCookieKey(apiEndpoint) + "-";
private static final String username = "my_username";
private static final String password = "my_password";
@ -567,4 +567,9 @@ public class LoginCommandTest extends CommandTest {
assertEquals(removeCRLF("a\rb\nc\r\n\r\nd"), "abcd");
assertEquals(removeCRLF(null), "");
}
@Test
public void testSanitizeCookieKey() {
assertEquals(sanitizeCookieKey("https://www.wikidata.org/"), "https---www.wikidata.org-");
}
}
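Review bot: `testSanitizeCookieKey` in the `@ -567,4` hunk pins a single input, so neither the pass-through of an already-valid key nor the replacement of cookie separators such as `=`, `;` and space is exercised; I would add `assertEquals(sanitizeCookieKey("a-b_c"), "a-b_c");` and `assertEquals(sanitizeCookieKey("k=v; x"), "k-v--x");` (constructed values) to cover both sides of the character class. A case showing that two different inputs collapse to the same key, such as `https://w/` and `https:--w-` both becoming `https---w-`, would also document the lossy behaviour that the `apiEndpointPrefix` change in the `@ -40,7` hunk now relies on.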