ensure key names are consistent when parsing the cookie string since

cookie-keys are not case sensitive, but json-keys are.
stleary · May 26, 2020 · 6029dec · 6029dec
1 parent d334b58
commit 6029dec
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/src/main/java/org/json/Cookie.java b/src/main/java/org/json/Cookie.java
@@ -1,5 +1,7 @@
 package org.json;
 
+import java.util.Locale;
+
 /*
 Copyright (c) 2002 JSON.org
 
@@ -74,7 +76,9 @@ public static String escape(String string) {
      * The name will be stored under the key "name", and the value will be
      * stored under the key "value". This method does not do checking or
      * validation of the parameters. It only converts the cookie string into
-     * a JSONObject.
+     * a JSONObject. All attribute names are converted to lower case keys in the
+     * JSONObject (HttpOnly =&gt; httponly). If an attribute is specified more than
+     * once, only the value found closer to the end of the cookie-string is kept.
      * @param string The cookie specification string.
      * @return A JSONObject containing "name", "value", and possibly other
      *  members.
@@ -104,7 +108,7 @@ public static JSONObject toJSONObject(String string) {
         x.next();
         // parse the remaining cookie attributes
         while (x.more()) {
-            name = unescape(x.nextTo("=;")).trim();
+            name = unescape(x.nextTo("=;")).trim().toLowerCase(Locale.ROOT);
             // don't allow a cookies attributes to overwrite it's name or value.
             if("name".equalsIgnoreCase(name)) {
                 throw new JSONException("Illegal attribute name: 'name'");

diff --git a/src/test/java/org/json/junit/CookieTest.java b/src/test/java/org/json/junit/CookieTest.java
@@ -84,7 +84,7 @@ public void booleanAttribute() {
             JSONObject jo = Cookie.toJSONObject(cookieStr);
             assertTrue("has key 'name'", jo.has("name"));
             assertTrue("has key 'value'", jo.has("value"));
-            assertTrue("has key 'myAttribute'", jo.has("myAttribute"));
+            assertTrue("has key 'myAttribute'", jo.has("myattribute"));
     }
 
     /**
@@ -177,7 +177,7 @@ public void convertCookieToString() {
             "thisWont=beIncluded;"+
             "secure";
         String expectedCookieStr = 
-            "{\"thisWont\":\"beIncluded\","+
+            "{\"thiswont\":\"beIncluded\","+
             "\"path\":\"/\","+
             "\"expires\":\"Wed, 19-Mar-2014 17:53:53 GMT\","+
             "\"domain\":\".yahoo.com\","+