You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by gl...@apache.org on 2003/01/02 14:03:16 UTC
cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves RequestFilterValve.java
glenn 2003/01/02 05:03:16
Modified: catalina/src/share/org/apache/catalina/valves
RequestFilterValve.java
Log:
Catch null pointer property to match on, deny by default if found
Revision Changes Path
1.5 +16 -4 jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves/RequestFilterValve.java
Index: RequestFilterValve.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves/RequestFilterValve.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- RequestFilterValve.java 22 Jul 2001 20:25:15 -0000 1.4
+++ RequestFilterValve.java 2 Jan 2003 13:03:16 -0000 1.5
@@ -306,6 +306,18 @@
ValveContext context)
throws IOException, ServletException {
+ // Default to deny request if property is null
+ if (property == null) {
+ ServletResponse sres = response.getResponse();
+ if (sres instanceof HttpServletResponse) {
+ HttpServletResponse hres = (HttpServletResponse) sres;
+ hres.sendError(HttpServletResponse.SC_FORBIDDEN);
+ }
+ Exception e = new IllegalArgumentException();
+ getContainer().getLogger().log(e,"Request Denied, no property to filter on");
+ return;
+ }
+
// Check the deny patterns, if any
for (int i = 0; i < denies.length; i++) {
if (denies[i].match(property)) {
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>