You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2017/07/26 09:36:29 UTC

svn commit: r1803030 - in /tomcat/trunk: java/org/apache/catalina/core/ApplicationPushBuilder.java test/org/apache/catalina/core/TestApplicationPushBuilder.java webapps/docs/changelog.xml

Author: markt
Date: Wed Jul 26 09:36:29 2017
New Revision: 1803030

URL: http://svn.apache.org/viewvc?rev=1803030&view=rev
Log:
Correct a bug in the PushBuilder implementation that meant push URLs containing %nn sequences were not correctly decoded. Identified by FindBugs.

Modified:
    tomcat/trunk/java/org/apache/catalina/core/ApplicationPushBuilder.java
    tomcat/trunk/test/org/apache/catalina/core/TestApplicationPushBuilder.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationPushBuilder.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationPushBuilder.java?rev=1803030&r1=1803029&r2=1803030&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/ApplicationPushBuilder.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/ApplicationPushBuilder.java Wed Jul 26 09:36:29 2017
@@ -382,7 +382,7 @@ public class ApplicationPushBuilder impl
 
         StringBuilder result = new StringBuilder(input.length());
         while (start != -1) {
-            // Found the start of a %nn sequence. Copy everything form the last
+            // Found the start of a %nn sequence. Copy everything from the last
             // end to this start to the output.
             result.append(input.substring(end, start));
             // Advance the end 3 characters: %nn
@@ -403,7 +403,7 @@ public class ApplicationPushBuilder impl
     private static String decodePercentSequence(String sequence, Charset charset) {
         byte[] bytes = new byte[sequence.length()/3];
         for (int i = 0; i < bytes.length; i += 3) {
-            bytes[i] = (byte) (HexUtils.getDec(sequence.charAt(1 + 3 * i)) << 4 +
+            bytes[i] = (byte) ((HexUtils.getDec(sequence.charAt(1 + 3 * i)) << 4) +
                     HexUtils.getDec(sequence.charAt(2 + 3 * i)));
         }
 

Modified: tomcat/trunk/test/org/apache/catalina/core/TestApplicationPushBuilder.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/core/TestApplicationPushBuilder.java?rev=1803030&r1=1803029&r2=1803030&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/core/TestApplicationPushBuilder.java (original)
+++ tomcat/trunk/test/org/apache/catalina/core/TestApplicationPushBuilder.java Wed Jul 26 09:36:29 2017
@@ -49,6 +49,21 @@ public class TestApplicationPushBuilder
         doTest("foo%20", StandardCharsets.UTF_8, "foo ");
     }
 
+    @Test
+    public void test06() {
+        doTest("%21foo", StandardCharsets.UTF_8, "!foo");
+    }
+
+    @Test
+    public void test07() {
+        doTest("fo%21o", StandardCharsets.UTF_8, "fo!o");
+    }
+
+    @Test
+    public void test08() {
+        doTest("foo%21", StandardCharsets.UTF_8, "foo!");
+    }
+
 
     private void doTest(String input, Charset charset, String expected) {
         String result = ApplicationPushBuilder.decode(input, charset);

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1803030&r1=1803029&r2=1803030&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Jul 26 09:36:29 2017
@@ -45,6 +45,13 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 9.0.0.M26 (markt)" rtext="in development">
+  <subsection name="Catalina">
+    <changelog>
+      <fix>Correct a bug in the <code>PushBuilder</code> implementation that
+      meant push URLs containing <code>%nn</code> sequences were not correctly
+      decoded. Identified by FindBugs. (markt)</fix>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 9.0.0.M25 (markt)" rtext="release in progress">
   <subsection name="Catalina">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org