Posted to dev@tomcat.apache.org by ma...@apache.org on 2012/07/29 22:29:20 UTC
svn commit: r1366945 - in /tomcat/trunk:
java/org/apache/catalina/connector/Response.java
test/org/apache/catalina/connector/TestResponse.java
Author: markt
Date: Sun Jul 29 20:29:20 2012
New Revision: 1366945
URL: http://svn.apache.org/viewvc?rev=1366945&view=rev
Log:
Partial fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
If the relative URL can't be made absolute, do not encode it and return it as is
Modified:
tomcat/trunk/java/org/apache/catalina/connector/Response.java
tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java
Modified: tomcat/trunk/java/org/apache/catalina/connector/Response.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Response.java?rev=1366945&r1=1366944&r2=1366945&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Response.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Response.java Sun Jul 29 20:29:20 2012
@@ -1134,7 +1134,14 @@ public class Response
@Override
public String encodeURL(String url) {
- String absolute = toAbsolute(url);
+ String absolute;
+ try {
+ absolute = toAbsolute(url);
+ } catch (IllegalArgumentException iae) {
+ // Relative URL
+ return url;
+ }
+
if (isEncodeable(absolute)) {
// W3c spec clearly said
if (url.equalsIgnoreCase("")) {
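Review bot: The `catch (IllegalArgumentException iae)` in encodeURL treats every IllegalArgumentException from toAbsolute() as "relative URL that cannot be resolved", and the comment `// Relative URL` does not say why returning the input untouched is the safe choice. The only throw site visible on this page is the `index == startIndex` check in the second hunk; if toAbsolute() can raise the same type for other failures (not visible here), those would now be passed through silently as well. I would expand the comment to something like `// URL climbs above the server root and cannot be made absolute; return it unencoded so no session ID is attached to a target we cannot check`. encodeURL's body continues past the end of the hunk, and any sibling method that calls toAbsolute() the same way lies outside this diff and is worth checking for consistent handling.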
@@ -1702,7 +1709,7 @@ public class Response
if (index < 0) {
break;
}
- // Prevent from going outside our context
+ // Can't go above the server root
if (index == startIndex) {
throw new IllegalArgumentException();
}
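Review bot: The `throw new IllegalArgumentException();` under the reworded comment carries no message, and after this commit encodeURL relies on that exception type as its signal for an unresolvable relative URL. A message, for example `throw new IllegalArgumentException("URL path climbs above the server root");`, would make stack traces from the remaining callers self-explanatory and make this case easier to tell apart from any other IllegalArgumentException. The surrounding loop starts and ends outside the hunk.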
@@ -1719,7 +1726,7 @@ public class Response
index = index2;
}
- // Add the query string (if present) back in
+ // Add the query string and/or fragment (if present) back in
if (truncateCC != null) {
try {
cc.append(truncateCC, 0, truncateCC.length);
Modified: tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java?rev=1366945&r1=1366944&r2=1366945&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java (original)
+++ tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java Sun Jul 29 20:29:20 2012
@@ -364,6 +364,30 @@ public class TestResponse extends Tomcat
}
+ @Test
+ public void testBug53469a() throws Exception {
+ Request req = new TesterMockRequest();
+ Response resp = new Response();
+ resp.setRequest(req);
+
+ String result = resp.encodeURL("../bar.html");
+
+ Assert.assertEquals("../bar.html", result);
+ }
+
+
+ @Test
+ public void testBug53469b() throws Exception {
+ Request req = new TesterMockRequest();
+ Response resp = new Response();
+ resp.setRequest(req);
+
+ String result = resp.encodeURL("../../../../bar.html");
+
+ Assert.assertEquals("../../../../bar.html", result);
+ }
+
+
private static final class Bug52811Servlet extends HttpServlet {
private static final long serialVersionUID = 1L;
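Review bot: Both new tests pass encodeURL a path-only URL, so nothing checks that a query string or fragment survives the early return, although the reworded comment in the third Response.java hunk shows toAbsolute() handles those parts separately. A third case such as `resp.encodeURL("../bar.html?x=1#frag")` asserting the identical string back would pin that behaviour. A one-line comment on each test stating which condition it covers would also help, since the names `testBug53469a` and `testBug53469b` do not say how the two differ, and the path TesterMockRequest reports is not visible here.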