Posted to dev@tomcat.apache.org by fh...@apache.org on 2007/03/16 17:15:46 UTC
svn commit: r519036 - in /tomcat/connectors/branches/tc4.1.x:
coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
util/java/org/apache/tomcat/util/buf/UDecoder.java
Author: fhanik
Date: Fri Mar 16 09:15:45 2007
New Revision: 519036
URL: http://svn.apache.org/viewvc?view=rev&rev=519036
Log:
Add some options for handling URL chars, backport from TC 6.0.x
Modified:
tomcat/connectors/branches/tc4.1.x/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
tomcat/connectors/branches/tc4.1.x/util/java/org/apache/tomcat/util/buf/UDecoder.java
Modified: tomcat/connectors/branches/tc4.1.x/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
URL: http://svn.apache.org/viewvc/tomcat/connectors/branches/tc4.1.x/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java?view=diff&rev=519036&r1=519035&r2=519036
==============================================================================
--- tomcat/connectors/branches/tc4.1.x/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java (original)
+++ tomcat/connectors/branches/tc4.1.x/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java Fri Mar 16 09:15:45 2007
@@ -50,7 +50,8 @@
final class CoyoteAdapter
implements Adapter {
-
+ protected static final boolean ALLOW_BACKSLASH =
+ Boolean.valueOf(System.getProperty("org.apache.coyote.tomcat4.CoyoteAdapter.ALLOW_BACKSLASH", "false")).booleanValue();
// -------------------------------------------------------------- Constants
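Review bot: `ALLOW_BACKSLASH` is added without any comment, yet it changes the default behaviour: with the property unset, the two later hunks in this file reject a path containing `\` instead of rewriting it to `/`. A Javadoc line such as `/** If true, '\' in the request path is treated as '/'; if false (the default) such requests are rejected. Read once from the system property when the class loads. */` would tell operators what they are opting into, which presumably matters most where a front-end proxy and Tomcat could otherwise disagree about path separators. `protected` has no effect on a member of a `final class`, so `private` would state the intent; the same applies to `ALLOW_ENCODED_SLASH` in UDecoder.java. `Boolean.getBoolean("org.apache.coyote.tomcat4.CoyoteAdapter.ALLOW_BACKSLASH")` is equivalent and shorter.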
@@ -439,8 +440,12 @@
return "/";
// Normalize the slashes and add leading slash if necessary
- if (normalized.indexOf('\\') >= 0)
- normalized = normalized.replace('\\', '/');
+ if (normalized.indexOf('\\') >= 0) {
+ if ( ALLOW_BACKSLASH )
+ normalized = normalized.replace('\\', '/');
+ else
+ return null;
+ }
if (!normalized.startsWith("/"))
normalized = "/" + normalized;
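Review bot: The comment `// Normalize the slashes and add leading slash if necessary` no longer describes the default path, which now returns null on any backslash; the same is true of `// Replace '\' with '/'` above the byte loop in the next hunk. I would change it to `// Reject '\' unless ALLOW_BACKSLASH is set (then treat it as '/'), and add a leading slash if necessary`. The method starts outside the hunk, so it cannot be confirmed from here that every caller turns the new null return into an error response rather than dereferencing it; that is worth checking. The inner `if`/`else` is unbraced inside a braced block, and bracing both arms would match the outer style.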
@@ -563,8 +568,12 @@
// Replace '\' with '/'
// Check for null byte
for (pos = start; pos < end; pos++) {
- if (b[pos] == (byte) '\\')
- b[pos] = (byte) '/';
+ if (b[pos] == (byte) '\\') {
+ if (ALLOW_BACKSLASH)
+ b[pos] = (byte) '/';
+ else
+ return false;
+ }
if (b[pos] == (byte) 0)
return false;
}
Modified: tomcat/connectors/branches/tc4.1.x/util/java/org/apache/tomcat/util/buf/UDecoder.java
URL: http://svn.apache.org/viewvc/tomcat/connectors/branches/tc4.1.x/util/java/org/apache/tomcat/util/buf/UDecoder.java?view=diff&rev=519036&r1=519035&r2=519036
==============================================================================
--- tomcat/connectors/branches/tc4.1.x/util/java/org/apache/tomcat/util/buf/UDecoder.java (original)
+++ tomcat/connectors/branches/tc4.1.x/util/java/org/apache/tomcat/util/buf/UDecoder.java Fri Mar 16 09:15:45 2007
@@ -28,7 +28,9 @@
* @author Costin Manolache
*/
public final class UDecoder {
-
+ protected static final boolean ALLOW_ENCODED_SLASH =
+ Boolean.valueOf(System.getProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "false")).booleanValue();
+
private static org.apache.commons.logging.Log log=
org.apache.commons.logging.LogFactory.getLog(UDecoder.class );
@@ -65,6 +67,8 @@
// idx will be the smallest positive inxes ( first % or + )
if( idx2 >= 0 && idx2 < idx ) idx=idx2;
if( idx < 0 ) idx=idx2;
+
+ boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
for( int j=idx; j<end; j++, idx++ ) {
if( buff[ j ] == '+' && query) {
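Review bot: `boolean noSlash = !(ALLOW_ENCODED_SLASH || query);` needs a comment, because nothing here says why query strings are exempt from the encoded-slash check. Something like `// An encoded '/' is rejected only when decoding a path; query strings may legitimately carry one` would record the intent. The same line appears in the char[] variant (the hunk at -124,6) and should get the same comment. The enclosing method starts and ends outside the hunk.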
@@ -83,6 +87,12 @@
j+=2;
int res=x2c( b1, b2 );
+
+ if (noSlash && (res == '/')) {
+ throw new CharConversionException( "noSlash");
+ }
+
+
buff[idx]=(byte)res;
}
}
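Review bot: `new CharConversionException( "noSlash")` gives whoever reads the log no clue what was rejected; a message such as `"Encoded slash (%2F) is not allowed in the path"` would make the rejection diagnosable, and the same applies to the char[] variant in the last hunk. The throw happens mid-loop, after earlier iterations have already written decoded values into `buff`, so the buffer is left partially decoded. Callers are outside this diff, but they should treat the exception as terminal and not reuse the buffer contents. The doubled blank line after the check can be dropped. The enclosing method starts and ends outside the hunk.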
@@ -124,6 +134,8 @@
if( idx2 >= 0 && idx2 < idx ) idx=idx2;
if( idx < 0 ) idx=idx2;
+
+ boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
for( int j=idx; j<cend; j++, idx++ ) {
if( buff[ j ] == '+' && query ) {
@@ -143,6 +155,11 @@
j+=2;
int res=x2c( b1, b2 );
+
+ if (noSlash && (res == '/')) {
+ throw new CharConversionException( "noSlash");
+ }
+
buff[idx]=(char)res;
}
}