You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/05/31 19:46:49 UTC
[tomcat] branch master updated: Remove fragment from
RequestDispatcher target if (incorrectly) present
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 1f31cf1 Remove fragment from RequestDispatcher target if (incorrectly) present
1f31cf1 is described below
commit 1f31cf1e192ddd530cc1e5c0383f8fa1d35a3f40
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri May 31 20:30:08 2019 +0100
Remove fragment from RequestDispatcher target if (incorrectly) present
---
.../catalina/connector/LocalStrings.properties | 1 +
java/org/apache/catalina/connector/Request.java | 12 ++++++--
.../catalina/core/ApplicationHttpRequest.java | 36 ++++++++++++++++------
.../apache/catalina/core/LocalStrings.properties | 2 ++
webapps/docs/changelog.xml | 5 +++
5 files changed, 45 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/catalina/connector/LocalStrings.properties b/java/org/apache/catalina/connector/LocalStrings.properties
index bb018d9..ad14b81 100644
--- a/java/org/apache/catalina/connector/LocalStrings.properties
+++ b/java/org/apache/catalina/connector/LocalStrings.properties
@@ -80,6 +80,7 @@ inputBuffer.streamClosed=Stream closed
outputBuffer.writeNull=The String argument to write(String,int,int) may not be null
request.asyncNotSupported=A filter or servlet of the current chain does not support asynchronous operations.
+request.fragmentInDispatchPath=The fragment in dispatch path [{0}] has been removed
request.illegalWrap=The request wrapper must wrap the request obtained from getRequest()
request.notAsync=It is illegal to call this method if the current request is not in asynchronous mode (i.e. isAsyncStarted() returns false)
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index ec38789..8a4a459 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -1371,10 +1371,18 @@ public class Request implements HttpServletRequest {
return null;
}
- // If the path is already context-relative, just pass it through
if (path == null) {
return null;
- } else if (path.startsWith("/")) {
+ }
+
+ int fragmentPos = path.indexOf('#');
+ if (fragmentPos > -1) {
+ log.warn(sm.getString("request.fragmentInDispatchPath", path));
+ path = path.substring(0, fragmentPos);
+ }
+
+ // If the path is already context-relative, just pass it through
+ if (path.startsWith("/")) {
return context.getServletContext().getRequestDispatcher(path);
}
diff --git a/java/org/apache/catalina/core/ApplicationHttpRequest.java b/java/org/apache/catalina/core/ApplicationHttpRequest.java
index fc3a1d6..e049e83 100644
--- a/java/org/apache/catalina/core/ApplicationHttpRequest.java
+++ b/java/org/apache/catalina/core/ApplicationHttpRequest.java
@@ -48,9 +48,11 @@ import org.apache.catalina.Session;
import org.apache.catalina.connector.RequestFacade;
import org.apache.catalina.util.ParameterMap;
import org.apache.catalina.util.RequestUtil;
+import org.apache.catalina.util.URLEncoder;
import org.apache.tomcat.util.buf.B2CConverter;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.http.Parameters;
+import org.apache.tomcat.util.res.StringManager;
/**
@@ -70,9 +72,7 @@ import org.apache.tomcat.util.http.Parameters;
*/
class ApplicationHttpRequest extends HttpServletRequestWrapper {
-
- // ------------------------------------------------------- Static Variables
-
+ private static final StringManager sm = StringManager.getManager(ApplicationHttpRequest.class);
/**
* The set of attribute names that are special for request dispatchers.
@@ -321,11 +321,20 @@ class ApplicationHttpRequest extends HttpServletRequestWrapper {
if (context == null)
return null;
- // If the path is already context-relative, just pass it through
- if (path == null)
+ if (path == null) {
return null;
- else if (path.startsWith("/"))
+ }
+
+ int fragmentPos = path.indexOf('#');
+ if (fragmentPos > -1) {
+ context.getLogger().warn(sm.getString("applicationHttpRequest.fragmentInDispatchPath", path));
+ path = path.substring(0, fragmentPos);
+ }
+
+ // If the path is already context-relative, just pass it through
+ if (path.startsWith("/")) {
return context.getServletContext().getRequestDispatcher(path);
+ }
// Convert a request-relative path to a context-relative one
String servletPath =
@@ -345,10 +354,19 @@ class ApplicationHttpRequest extends HttpServletRequestWrapper {
int pos = requestPath.lastIndexOf('/');
String relative = null;
- if (pos >= 0) {
- relative = requestPath.substring(0, pos + 1) + path;
+ if (context.getDispatchersUseEncodedPaths()) {
+ if (pos >= 0) {
+ relative = URLEncoder.DEFAULT.encode(
+ requestPath.substring(0, pos + 1), StandardCharsets.UTF_8) + path;
+ } else {
+ relative = URLEncoder.DEFAULT.encode(requestPath, StandardCharsets.UTF_8) + path;
+ }
} else {
- relative = requestPath + path;
+ if (pos >= 0) {
+ relative = requestPath.substring(0, pos + 1) + path;
+ } else {
+ relative = requestPath + path;
+ }
}
return context.getServletContext().getRequestDispatcher(relative);
diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties
index 1126de6..6a01297 100644
--- a/java/org/apache/catalina/core/LocalStrings.properties
+++ b/java/org/apache/catalina/core/LocalStrings.properties
@@ -58,6 +58,8 @@ applicationFilterConfig.release=Failed to destroy the filter named [{0}] of type
applicationFilterRegistration.nullInitParam=Unable to set initialisation parameter for filter due to null name and/or value. Name [{0}], Value [{1}]
applicationFilterRegistration.nullInitParams=Unable to set initialisation parameters for filter due to null name and/or value. Name [{0}], Value [{1}]
+applicationHttpRequest.fragmentInDispatchPath=The fragment in dispatch path [{0}] has been removed
+
applicationPushBuilder.methodInvalid=The HTTP method for a push request must be both cacheable and safe but [{0}] is not
applicationPushBuilder.methodNotToken=HTTP methods must be tokens but [{0}] contains a non-token character
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f5e63cd..7701241 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -91,6 +91,11 @@
before removal of the child from the internal child collection.
(remm)
</scode>
+ <add>
+ Remove any fragment included in the target path used to obtain a
+ <code>RequestDispatcher</code>. The requested target path is logged as a
+ warning since this is an application error. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org