From 681cf04da9914650bfbc7ec0622b02cbf9ddc9e5 Mon Sep 17 00:00:00 2001
From: Bosanac Dejan <dejanb@apache.org>
Date: Fri, 9 Jul 2010 12:55:21 +0000
Subject: [PATCH]  https://issues.apache.org/activemq/browse/AMQ-2817 -
 sanitize stomp headers

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@962512 13f79535-47bb-0310-9956-ffa450edef68
---
 .../transport/stomp/FrameTranslator.java      | 13 ++++++--
 .../activemq/transport/stomp/Stomp.java       |  2 +-
 .../activemq/transport/stomp/StompTest.java   | 31 +++++++++++++++++++
 3 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/activemq-core/src/main/java/org/apache/activemq/transport/stomp/FrameTranslator.java b/activemq-core/src/main/java/org/apache/activemq/transport/stomp/FrameTranslator.java
index 643e1b4442..fa12c9ac45 100644
--- a/activemq-core/src/main/java/org/apache/activemq/transport/stomp/FrameTranslator.java
+++ b/activemq-core/src/main/java/org/apache/activemq/transport/stomp/FrameTranslator.java
@@ -121,8 +121,17 @@ public interface FrameTranslator {
             }
 
             // Stomp specific headers
-            o = headers.remove(Stomp.Headers.RECEIPT_REQUESTED);
-            
+            headers.remove(Stomp.Headers.RECEIPT_REQUESTED);
+
+            // Since we take the rest of the header and put them in properties which could then
+            // be sent back to a STOMP consumer we need to sanitize anything which could be in
+            // Stomp.Headers.Message and might get passed through to the consumer
+            headers.remove(Stomp.Headers.Message.MESSAGE_ID);
+            headers.remove(Stomp.Headers.Message.TIMESTAMP);
+            headers.remove(Stomp.Headers.Message.REDELIVERED);
+            headers.remove(Stomp.Headers.Message.SUBSCRIPTION);
+            headers.remove(Stomp.Headers.Message.USERID);
+
             // now the general headers
             msg.setProperties(headers);
         }
diff --git a/activemq-core/src/main/java/org/apache/activemq/transport/stomp/Stomp.java b/activemq-core/src/main/java/org/apache/activemq/transport/stomp/Stomp.java
index f866a4fd41..f2622d1693 100644
--- a/activemq-core/src/main/java/org/apache/activemq/transport/stomp/Stomp.java
+++ b/activemq-core/src/main/java/org/apache/activemq/transport/stomp/Stomp.java
@@ -62,7 +62,7 @@ public interface Stomp {
             String EXPIRATION_TIME = "expires";
             String PRIORITY = "priority";
             String TYPE = "type";
-            Object PERSISTENT = "persistent";
+            String PERSISTENT = "persistent";
         }
 
         public interface Message {
diff --git a/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompTest.java b/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompTest.java
index 206bd8f6a3..5caa33ca40 100644
--- a/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompTest.java
+++ b/activemq-core/src/test/java/org/apache/activemq/transport/stomp/StompTest.java
@@ -23,6 +23,7 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.UnknownHostException;
 import java.util.HashMap;
+import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.jms.BytesMessage;
@@ -1320,6 +1321,36 @@ public class StompTest extends CombinationTestSupport {
         assertEquals("system", message.getHeaders().get(Stomp.Headers.Message.USERID));
     }
 
+    public void testClientSetMessageIdIsIgnored() throws Exception {
+        HashMap<String, String> headers = new HashMap<String, String>();
+        headers.put(Stomp.Headers.Message.MESSAGE_ID, "Thisisnotallowed");
+        headers.put(Stomp.Headers.Message.TIMESTAMP, "1234");
+        headers.put(Stomp.Headers.Message.REDELIVERED, "true");
+        headers.put(Stomp.Headers.Message.SUBSCRIPTION, "Thisisnotallowed");
+        headers.put(Stomp.Headers.Message.USERID, "Thisisnotallowed");
+
+
+        stompConnection.connect("system", "manager");
+
+
+        stompConnection.send("/queue/" + getQueueName(), "msg", null, headers);
+
+        stompConnection.subscribe("/queue/" + getQueueName());
+        StompFrame stompMessage = stompConnection.receive();
+
+        Map<String, String> mess_headers = new HashMap<String, String>();
+        mess_headers = stompMessage.getHeaders();
+
+        assertFalse("Thisisnotallowed".equals(mess_headers.get(Stomp.Headers.Message.MESSAGE_ID)
+                ));
+        assertFalse("1234".equals(mess_headers.get(Stomp.Headers.Message.TIMESTAMP)));
+        assertNull(mess_headers.get(Stomp.Headers.Message.REDELIVERED));
+        assertNull(mess_headers.get(Stomp.Headers.Message.SUBSCRIPTION));
+        assertEquals("system", mess_headers.get(Stomp.Headers.Message.USERID));
+
+    }
+
+
     protected void assertClients(int expected) throws Exception {
         org.apache.activemq.broker.Connection[] clients = broker.getBroker().getClients();
         int actual = clients.length;