You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/09/11 16:27:38 UTC
svn commit: r1840588 - in /tomcat/jk/trunk: native/apache-2.0/mod_jk.c
native/common/jk_util.c native/common/jk_util.h
xdocs/miscellaneous/changelog.xml
Author: markt
Date: Tue Sep 11 16:27:38 2018
New Revision: 1840588
URL: http://svn.apache.org/viewvc?rev=1840588&view=rev
Log:
Apache: Improve path parameter handling so that JkStripSession can remove session IDs that are specified on path parameters in any segment of the URI rather than only the final segment.
Modified:
tomcat/jk/trunk/native/apache-2.0/mod_jk.c
tomcat/jk/trunk/native/common/jk_util.c
tomcat/jk/trunk/native/common/jk_util.h
tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/jk/trunk/native/apache-2.0/mod_jk.c
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/native/apache-2.0/mod_jk.c?rev=1840588&r1=1840587&r2=1840588&view=diff
==============================================================================
--- tomcat/jk/trunk/native/apache-2.0/mod_jk.c (original)
+++ tomcat/jk/trunk/native/apache-2.0/mod_jk.c Tue Sep 11 16:27:38 2018
@@ -4058,23 +4058,13 @@ static int jk_map_to_storage(request_rec
jk_log(conf->log, JK_LOG_DEBUG,
"no match for %s found",
r->uri);
- if (conf->strip_session == JK_TRUE &&
- conf->strip_session_name) {
+ if (conf->strip_session == JK_TRUE && conf->strip_session_name) {
char *jsessionid;
if (r->uri) {
- jsessionid = strstr(r->uri, conf->strip_session_name);
- if (jsessionid) {
- if (JK_IS_DEBUG_LEVEL(conf->log))
- jk_log(conf->log, JK_LOG_DEBUG,
- "removing session identifier [%s] for non servlet url [%s]",
- jsessionid, r->uri);
- *jsessionid = '\0';
- }
+ jk_strip_session_id(r->uri, conf->strip_session_name, conf->log);
}
if (r->filename) {
- jsessionid = strstr(r->filename, conf->strip_session_name);
- if (jsessionid)
- *jsessionid = '\0';
+ jk_strip_session_id(r->filename, conf->strip_session_name, conf->log);
}
return DECLINED;
}
Modified: tomcat/jk/trunk/native/common/jk_util.c
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_util.c?rev=1840588&r1=1840587&r2=1840588&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_util.c (original)
+++ tomcat/jk/trunk/native/common/jk_util.c Tue Sep 11 16:27:38 2018
@@ -2282,6 +2282,42 @@ int jk_servlet_normalize(char *path, jk_
return 0;
}
+int jk_strip_session_id(char* path, char* session_name, jk_logger_t *logger) {
+
+ char *jsessionid;
+
+ jsessionid = strstr(path, session_name);
+ if (jsessionid) {
+ if (JK_IS_DEBUG_LEVEL(logger)) {
+ jk_log(logger, JK_LOG_DEBUG,
+ "removing session identifier for non servlet uri [%s]", path);
+ }
+ // Found a session path parameter.
+ // Need to skip at least as many characters as there are in
+ // strip_session_name
+ int i = strlen(session_name);
+ int j = 0;
+ // Increment i until the first character after the parameter
+ while (jsessionid[i] != '\0' && jsessionid[i] != ';' && jsessionid[i] != '/') {
+ i++;
+ }
+ // Copy until the end
+ while (jsessionid[i] != '\0') {
+ jsessionid[j++] = jsessionid[i++];
+ }
+ // Terminate
+ jsessionid[j] = '\0';
+
+ if (JK_IS_DEBUG_LEVEL(logger)) {
+ jk_log(logger, JK_LOG_DEBUG,
+ "result of removing session identifier for non servlet uri is [%s]", path);
+ }
+ return 1;
+ }
+
+ return 0;
+}
+
#ifdef _MT_CODE_PTHREAD
jk_pthread_t jk_gettid()
{
Modified: tomcat/jk/trunk/native/common/jk_util.h
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/native/common/jk_util.h?rev=1840588&r1=1840587&r2=1840588&view=diff
==============================================================================
--- tomcat/jk/trunk/native/common/jk_util.h (original)
+++ tomcat/jk/trunk/native/common/jk_util.h Tue Sep 11 16:27:38 2018
@@ -60,7 +60,7 @@ int jk_log(jk_logger_t *l,
int jk_check_attribute_length(const char *name, const char *value,
jk_logger_t *l);
-
+
const char *jk_get_worker_host(jk_map_t *m, const char *wname, const char *def);
const char *jk_get_worker_source(jk_map_t *m, const char *wname, const char *def);
@@ -190,7 +190,7 @@ int jk_is_unique_property(const char *pr
int jk_is_deprecated_property(const char *prp_name);
int jk_check_buffer_size();
-
+
int jk_is_valid_property(const char *prp_name);
int jk_get_worker_stdout(jk_map_t *m, const char *wname, const char **stdout_name);
@@ -250,6 +250,8 @@ int jk_wildchar_match(const char *str, c
int jk_servlet_normalize(char *path, jk_logger_t *logger);
+int jk_strip_session_id(char* path, char* session_name, jk_logger_t *logger);
+
#define JK_NORMALIZE_BAD_PATH -1
#define JK_NORMALIZE_TRAVERSAL -2
Modified: tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml?rev=1840588&r1=1840587&r2=1840588&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/jk/trunk/xdocs/miscellaneous/changelog.xml Tue Sep 11 16:27:38 2018
@@ -61,6 +61,12 @@
be extracted from a path parameter in any segment of the URI, rather
than only from the final segment. (markt)
</fix>
+ <fix>
+ Apache: Improve path parameter handling so that
+ <code>JkStripSession</code> can remove session IDs that are specified on
+ path parameters in any segment of the URI rather than only the final
+ segment. (markt)
+ </fix>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org