Posted to dev@tomcat.apache.org by re...@apache.org on 2007/02/12 02:02:03 UTC
svn commit: r506200 - in /tomcat/tc6.0.x/trunk/java/org/apache:
catalina/connector/CoyoteAdapter.java tomcat/util/buf/UDecoder.java
Author: remm
Date: Sun Feb 11 17:02:03 2007
New Revision: 506200
URL: http://svn.apache.org/viewvc?view=rev&rev=506200
Log:
- Add some options for handling URL chars.
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/UDecoder.java
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?view=diff&rev=506200&r1=506199&r2=506200
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java Sun Feb 11 17:02:03 2007
@@ -58,6 +58,10 @@
public static final int ADAPTER_NOTES = 1;
+ protected static final boolean ALLOW_BACKSLASH =
+ Boolean.valueOf(System.getProperty("org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH", "false")).booleanValue();
+
+
// ----------------------------------------------------------- Constructors
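Review bot: ALLOW_BACKSLASH is added without any comment stating what it guards, that it defaults to false, or that it is read once from the system property when the class is initialised. Since setting it to true restores the old behaviour of rewriting '\' to '/' in the normalize loop, a short Javadoc would help operators, e.g. `/** If true, '\' in the request URI is rewritten to '/' during normalization; if false (the default) such URIs are rejected. */`. The same gap applies to ALLOW_ENCODED_SLASH in the UDecoder.java hunk at -33,6.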
@@ -310,8 +314,8 @@
req.getURLDecoder().convert(decodedURI, false);
} catch (IOException ioe) {
res.setStatus(400);
- res.setMessage("Invalid URI");
- throw ioe;
+ res.setMessage("Invalid URI: " + ioe.getMessage());
+ return false;
}
// Normalization
if (!normalize(req.decodedURI())) {
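Review bot: The catch block now returns false without logging anything, so a request rejected for a malformed or disallowed escape leaves no trace beyond the 400 status. A debug-level log entry before `return false;` would keep these rejections visible to whoever later investigates URL probing. The response message also embeds `ioe.getMessage()`, which exposes decoder-internal text to the client; keeping the client-facing text generic (`res.setMessage("Invalid URI");`) and putting the detail in the log would avoid that. The enclosing method starts and ends outside this hunk, so how callers treat the `false` return cannot be confirmed from here.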
@@ -601,10 +605,16 @@
// Replace '\' with '/'
// Check for null byte
for (pos = start; pos < end; pos++) {
- if (b[pos] == (byte) '\\')
- b[pos] = (byte) '/';
- if (b[pos] == (byte) 0)
+ if (b[pos] == (byte) '\\') {
+ if (ALLOW_BACKSLASH) {
+ b[pos] = (byte) '/';
+ } else {
+ return false;
+ }
+ }
+ if (b[pos] == (byte) 0) {
return false;
+ }
}
// The URL must start with '/'
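Review bot: The comment `// Replace '\' with '/'` above the loop is now stale, because with the default ALLOW_BACKSLASH=false the loop rejects a backslash instead of replacing it. Suggest `// Reject '\' unless ALLOW_BACKSLASH is set, in which case replace it with '/'` so the comment matches the safer default. The method body starts and continues outside the hunk.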
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/UDecoder.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/UDecoder.java?view=diff&rev=506200&r1=506199&r2=506200
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/UDecoder.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/UDecoder.java Sun Feb 11 17:02:03 2007
@@ -33,6 +33,9 @@
private static org.apache.juli.logging.Log log=
org.apache.juli.logging.LogFactory.getLog(UDecoder.class );
+ protected static final boolean ALLOW_ENCODED_SLASH =
+ Boolean.valueOf(System.getProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "false")).booleanValue();
+
public UDecoder()
{
}
@@ -67,6 +70,8 @@
if( idx2 >= 0 && idx2 < idx ) idx=idx2;
if( idx < 0 ) idx=idx2;
+ boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
+
for( int j=idx; j<end; j++, idx++ ) {
if( buff[ j ] == '+' && query) {
buff[idx]= (byte)' ' ;
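Review bot: `noSlash` is computed only for this decode loop, so the encoded-slash restriction covers only callers that reach this method with `query` false. If UDecoder has other convert variants that handle path data (none are visible in this diff), they would still decode `%2F` and should get the same check. A comment above the new line, such as `// An encoded '/' is only accepted in query strings unless ALLOW_ENCODED_SLASH is set`, would record the intent. The method starts and ends outside the hunk.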
@@ -84,6 +89,9 @@
j+=2;
int res=x2c( b1, b2 );
+ if (noSlash && (res == '/')) {
+ throw new CharConversionException( "noSlash");
+ }
buff[idx]=(byte)res;
}
}
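Review bot: The exception message `"noSlash"` is an internal token that says little to anyone reading a log or an error response. The CoyoteAdapter.java hunk at -310,8 appends it to the status message, which would yield "Invalid URI: noSlash". A self-explanatory text reads better, e.g. `throw new CharConversionException("Encoded slashes are not allowed");`.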