You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/06/01 20:46:25 UTC
[tomcat] branch 8.5.x updated: Align with 11.0.x, 10.1.x and 9.0.x
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new a4e4e92d17 Align with 11.0.x, 10.1.x and 9.0.x
a4e4e92d17 is described below
commit a4e4e92d176c03c823cfea33ad6c49596ba0dee8
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jun 1 21:46:18 2023 +0100
Align with 11.0.x, 10.1.x and 9.0.x
---
.../apache/catalina/connector/CoyoteAdapter.java | 5 +++-
.../catalina/connector/CoyoteInputStream.java | 2 ++
.../catalina/connector/CoyoteOutputStream.java | 2 ++
java/org/apache/catalina/connector/Request.java | 29 ++----------------
java/org/apache/catalina/connector/Response.java | 18 ++++-------
.../apache/catalina/connector/ResponseFacade.java | 5 ++--
java/org/apache/catalina/util/RequestUtil.java | 35 ++++++++++++++++++++++
7 files changed, 53 insertions(+), 43 deletions(-)
diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java b/java/org/apache/catalina/connector/CoyoteAdapter.java
index 066fa82d83..8eacf7a742 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -887,7 +887,10 @@ public class CoyoteAdapter implements Adapter {
req.decodedURI().toBytes();
ByteChunk uriBC = req.decodedURI().getByteChunk();
- int semicolon = uriBC.indexOf(';', 0);
+ // The first character must always be '/' so start search at position 1.
+ // If the first character is ';' the URI will be rejected at the
+ // normalization stage
+ int semicolon = uriBC.indexOf(';', 1);
// Performance optimisation. Return as soon as it is known there are no
// path parameters;
if (semicolon == -1) {
diff --git a/java/org/apache/catalina/connector/CoyoteInputStream.java b/java/org/apache/catalina/connector/CoyoteInputStream.java
index 9babdc0cca..3b429951c8 100644
--- a/java/org/apache/catalina/connector/CoyoteInputStream.java
+++ b/java/org/apache/catalina/connector/CoyoteInputStream.java
@@ -21,6 +21,7 @@ import java.nio.ByteBuffer;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
+import java.util.Objects;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
@@ -169,6 +170,7 @@ public class CoyoteInputStream extends ServletInputStream {
* @throws IOException if an input or output exception has occurred
*/
public int read(final ByteBuffer b) throws IOException {
+ Objects.requireNonNull(b);
checkNonBlockingRead();
if (SecurityUtil.isPackageProtectionEnabled()) {
diff --git a/java/org/apache/catalina/connector/CoyoteOutputStream.java b/java/org/apache/catalina/connector/CoyoteOutputStream.java
index 71fbe7d18f..a6cb729b9e 100644
--- a/java/org/apache/catalina/connector/CoyoteOutputStream.java
+++ b/java/org/apache/catalina/connector/CoyoteOutputStream.java
@@ -18,6 +18,7 @@ package org.apache.catalina.connector;
import java.io.IOException;
import java.nio.ByteBuffer;
+import java.util.Objects;
import javax.servlet.ServletOutputStream;
import javax.servlet.WriteListener;
@@ -101,6 +102,7 @@ public class CoyoteOutputStream extends ServletOutputStream {
public void write(ByteBuffer from) throws IOException {
+ Objects.requireNonNull(from);
boolean nonBlocking = checkNonBlockingWrite();
ob.write(from);
if (nonBlocking) {
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index 1bfe791e8f..c1d4c8dd76 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -85,6 +85,7 @@ import org.apache.catalina.core.AsyncContextImpl;
import org.apache.catalina.mapper.MappingData;
import org.apache.catalina.session.ManagerBase;
import org.apache.catalina.util.ParameterMap;
+import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.TLSUtil;
import org.apache.catalina.util.URLEncoder;
import org.apache.coyote.ActionCode;
@@ -132,7 +133,6 @@ public class Request implements HttpServletRequest {
private static final Log log = LogFactory.getLog(Request.class);
- // ----------------------------------------------------------- Constructors
public Request() {
formats = new SimpleDateFormat[formatsTemplate.length];
@@ -1235,6 +1235,7 @@ public class Request implements HttpServletRequest {
}
usingReader = true;
+
inputBuffer.checkConverter();
if (reader == null) {
reader = new CoyoteReader(inputBuffer);
@@ -1988,13 +1989,6 @@ public class Request implements HttpServletRequest {
}
- // --------------------------------------------- HttpServletRequest Methods
-
- /**
- * {@inheritDoc}
- *
- * @since Servlet 3.1
- */
@SuppressWarnings("unchecked")
@Override
public <T extends HttpUpgradeHandler> T upgrade(Class<T> httpUpgradeHandlerClass)
@@ -2382,24 +2376,7 @@ public class Request implements HttpServletRequest {
@Override
public StringBuffer getRequestURL() {
-
- StringBuffer url = new StringBuffer();
- String scheme = getScheme();
- int port = getServerPort();
- if (port < 0) {
- port = 80; // Work around java.net.URL bug
- }
-
- url.append(scheme);
- url.append("://");
- url.append(getServerName());
- if ((scheme.equals("http") && (port != 80)) || (scheme.equals("https") && (port != 443))) {
- url.append(':');
- url.append(port);
- }
- url.append(getRequestURI());
-
- return url;
+ return RequestUtil.getRequestURL(this);
}
diff --git a/java/org/apache/catalina/connector/Response.java b/java/org/apache/catalina/connector/Response.java
index 8a4be807fd..914199321c 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -772,10 +772,10 @@ public class Response implements HttpServletResponse {
* Overrides the name of the character encoding used in the body of the request. This method must be called prior to
* reading request parameters or reading input using getReader().
*
- * @param charset String containing the name of the character encoding.
+ * @param encoding String containing the name of the character encoding.
*/
@Override
- public void setCharacterEncoding(String charset) {
+ public void setCharacterEncoding(String encoding) {
if (isCommitted()) {
return;
@@ -793,12 +793,12 @@ public class Response implements HttpServletResponse {
}
try {
- getCoyoteResponse().setCharacterEncoding(charset);
+ getCoyoteResponse().setCharacterEncoding(encoding);
} catch (IllegalArgumentException e) {
- log.warn(sm.getString("coyoteResponse.encoding.invalid", charset), e);
+ log.warn(sm.getString("coyoteResponse.encoding.invalid", encoding), e);
return;
}
- if (charset == null) {
+ if (encoding == null) {
isCharacterEncodingSet = false;
} else {
isCharacterEncodingSet = true;
@@ -1279,14 +1279,6 @@ public class Response implements HttpServletResponse {
}
- /**
- * Send a temporary redirect to the specified redirect location URL.
- *
- * @param location Location URL to redirect to
- *
- * @exception IllegalStateException if this response has already been committed
- * @exception IOException if an input/output error occurs
- */
@Override
public void sendRedirect(String location) throws IOException {
sendRedirect(location, SC_FOUND);
diff --git a/java/org/apache/catalina/connector/ResponseFacade.java b/java/org/apache/catalina/connector/ResponseFacade.java
index 6e2a6c2658..c2a8e968b4 100644
--- a/java/org/apache/catalina/connector/ResponseFacade.java
+++ b/java/org/apache/catalina/connector/ResponseFacade.java
@@ -112,7 +112,6 @@ public class ResponseFacade implements HttpServletResponse {
// ----------------------------------------------- Class/Instance Variables
-
/**
* The string manager for this package.
*/
@@ -471,9 +470,9 @@ public class ResponseFacade implements HttpServletResponse {
@Override
- public void setCharacterEncoding(String arg0) {
+ public void setCharacterEncoding(String encoding) {
checkFacade();
- response.setCharacterEncoding(arg0);
+ response.setCharacterEncoding(encoding);
}
@Override
diff --git a/java/org/apache/catalina/util/RequestUtil.java b/java/org/apache/catalina/util/RequestUtil.java
index 79a312fdec..58fb8e4622 100644
--- a/java/org/apache/catalina/util/RequestUtil.java
+++ b/java/org/apache/catalina/util/RequestUtil.java
@@ -16,6 +16,8 @@
*/
package org.apache.catalina.util;
+import javax.servlet.http.HttpServletRequest;
+
/**
* General purpose request parsing and encoding utility methods.
*
@@ -24,6 +26,39 @@ package org.apache.catalina.util;
*/
public final class RequestUtil {
+ /**
+ * Build an appropriate return value for
+ * {@link HttpServletRequest#getRequestURL()} based on the provided
+ * request object. Note that this will also work for instances of
+ * {@link javax.servlet.http.HttpServletRequestWrapper}.
+ *
+ * @param request The request object for which the URL should be built
+ *
+ * @return The request URL for the given request object
+ */
+ public static StringBuffer getRequestURL(HttpServletRequest request) {
+ StringBuffer url = new StringBuffer();
+ String scheme = request.getScheme();
+ int port = request.getServerPort();
+ if (port < 0) {
+ // Work around java.net.URL bug
+ port = 80;
+ }
+
+ url.append(scheme);
+ url.append("://");
+ url.append(request.getServerName());
+ if ((scheme.equals("http") && (port != 80))
+ || (scheme.equals("https") && (port != 443))) {
+ url.append(':');
+ url.append(port);
+ }
+ url.append(request.getRequestURI());
+
+ return url;
+ }
+
+
/**
* Filter the specified message string for characters that are sensitive
* in HTML. This avoids potential attacks caused by including JavaScript
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org