You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by ol...@apache.org on 2006/06/10 12:36:22 UTC
svn commit: r413281 - in /jakarta/commons/proper/httpclient/trunk: ./
src/java/org/apache/commons/httpclient/
src/test/org/apache/commons/httpclient/
Author: olegk
Date: Sat Jun 10 03:36:20 2006
New Revision: 413281
URL: http://svn.apache.org/viewvc?rev=413281&view=rev
Log:
[HTTPCLIENT-494] Invalid redirects are not corrected
Changelog:
Invalid redirect location now causes a protocol exception
Contributed by Ortwin Glück and Oleg Kalnichevski
Reviewed by Roland Weber
Added:
jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java (with props)
Modified:
jakarta/commons/proper/httpclient/trunk/release_notes.txt
jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java
jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/URI.java
jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestRedirects.java
jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestURI.java
Modified: jakarta/commons/proper/httpclient/trunk/release_notes.txt
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/release_notes.txt?rev=413281&r1=413280&r2=413281&view=diff
==============================================================================
--- jakarta/commons/proper/httpclient/trunk/release_notes.txt (original)
+++ jakarta/commons/proper/httpclient/trunk/release_notes.txt Sat Jun 10 03:36:20 2006
@@ -1,5 +1,8 @@
Changes toward 3.1
+ * [HTTPCLIENT-494] - Invalid redirect location now causes a protocol exception
+ Contributed by Oleg Kalnichevski <olegk at apache.org>
+
* [HTTPCLIENT-582] - Allow access to registered cookie policies
Contributed by Sebastian Bazley <sebb at apache.org>
Modified: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java?rev=413281&r1=413280&r2=413281&view=diff
==============================================================================
--- jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java (original)
+++ jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java Sat Jun 10 03:36:20 2006
@@ -611,9 +611,9 @@
}
method.setURI(redirectUri);
hostConfiguration.setHost(redirectUri);
- } catch (URIException e) {
- LOG.warn("Redirected location '" + location + "' is malformed");
- return false;
+ } catch (URIException ex) {
+ throw new InvalidRedirectLocationException(
+ "Invalid redirect location: " + location, location, ex);
}
if (this.params.isParameterFalse(HttpClientParams.ALLOW_CIRCULAR_REDIRECTS)) {
Added: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java?rev=413281&view=auto
==============================================================================
--- jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java (added)
+++ jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java Sat Jun 10 03:36:20 2006
@@ -0,0 +1,73 @@
+/*
+ * $HeadRL$
+ * $Revision$
+ * $Date$
+ *
+ * ====================================================================
+ *
+ * Copyright 1999-2006 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient;
+
+/**
+ * Signals violation of HTTP specification caused by an invalid redirect
+ * location
+ *
+ * @author <a href="mailto:oleg at ural.ru">Oleg Kalnichevski</a>
+ *
+ * @since 3.1
+ */
+public class InvalidRedirectLocationException extends RedirectException {
+
+ private final String location;
+
+ /**
+ * Creates a new InvalidRedirectLocationException with the specified detail message.
+ *
+ * @param message the exception detail message
+ * @param location redirect location
+ */
+ public InvalidRedirectLocationException(final String message, final String location) {
+ super(message);
+ this.location = location;
+ }
+
+ /**
+ * Creates a new RedirectException with the specified detail message and cause.
+ *
+ * @param message the exception detail message
+ * @param location redirect location
+ * @param cause the <tt>Throwable</tt> that caused this exception, or <tt>null</tt>
+ * if the cause is unavailable, unknown, or not a <tt>Throwable</tt>
+ */
+ public InvalidRedirectLocationException(final String message, final String location,
+ final Throwable cause) {
+ super(message, cause);
+ this.location = location;
+ }
+
+ public String getLocation() {
+ return this.location;
+ }
+
+}
Propchange: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Propchange: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/URI.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/URI.java?rev=413281&r1=413280&r2=413281&view=diff
==============================================================================
--- jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/URI.java (original)
+++ jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/URI.java Sat Jun 10 03:36:20 2006
@@ -1,5 +1,5 @@
/*
- * $Header: /home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commons//httpclient/src/java/org/apache/commons/httpclient/URI.java,v 1.47 2004/05/13 04:03:25 mbecke Exp $
+ * $HeadURL$
* $Revision$
* $Date$
*
@@ -2010,10 +2010,11 @@
_path = null;
}
}
+ String s = tmp.substring(from, next);
if (escaped) {
- setRawPath(tmp.substring(from, next).toCharArray());
+ setRawPath(s.toCharArray());
} else {
- setPath(tmp.substring(from, next));
+ setPath(s);
}
at = next;
}
@@ -2034,8 +2035,14 @@
if (next == -1) {
next = tmp.length();
}
- _query = (escaped) ? tmp.substring(at + 1, next).toCharArray()
- : encode(tmp.substring(at + 1, next), allowed_query, charset);
+ if (escaped) {
+ _query = tmp.substring(at + 1, next).toCharArray();
+ if (!validate(_query, uric)) {
+ throw new URIException("Invalid query");
+ }
+ } else {
+ _query = encode(tmp.substring(at + 1, next), allowed_query, charset);
+ }
at = next;
}
@@ -2215,8 +2222,14 @@
_is_server = _is_hostname = _is_IPv4address =
_is_IPv6reference = false;
// set a registry-based naming authority
- _authority = (escaped) ? original.toString().toCharArray()
- : encode(original.toString(), allowed_reg_name, charset);
+ if (escaped) {
+ _authority = original.toString().toCharArray();
+ if (!validate(_authority, reg_name)) {
+ throw new URIException("Invalid authority");
+ }
+ } else {
+ _authority = encode(original.toString(), allowed_reg_name, charset);
+ }
} else {
if (original.length() - 1 > next && hasPort
&& original.charAt(next) == ':') { // not empty
Modified: jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestRedirects.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestRedirects.java?rev=413281&r1=413280&r2=413281&view=diff
==============================================================================
--- jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestRedirects.java (original)
+++ jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestRedirects.java Sat Jun 10 03:36:20 2006
@@ -426,6 +426,22 @@
}
}
+ public void testRejectInvalidRedirectLocation() throws IOException {
+ String host = this.server.getLocalAddress();
+ int port = this.server.getLocalPort();
+ this.server.setHttpService(new BogusRedirectService("http://"+ host +":"+ port +"/newlocation/?p=I have spaces"));
+ GetMethod httpget = new GetMethod("/oldlocation/");
+ httpget.setFollowRedirects(true);
+ try {
+ this.client.executeMethod(httpget);
+ fail("InvalidRedirectLocationException should have been thrown");
+ } catch (InvalidRedirectLocationException e) {
+ //expected a protocol exception
+ } finally {
+ httpget.releaseConnection();
+ }
+ }
+
public void testCrossSiteRedirect() throws IOException {
String host = this.server.getLocalAddress();
int port = this.server.getLocalPort();
Modified: jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestURI.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestURI.java?rev=413281&r1=413280&r2=413281&view=diff
==============================================================================
--- jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestURI.java (original)
+++ jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestURI.java Sat Jun 10 03:36:20 2006
@@ -258,4 +258,24 @@
assertEquals("/test+test", url.getPath());
}
+ public void testVariousCharacters() throws Exception {
+ verifyInvalidURI("http://authority:123/path/path?query&name=val ue");
+ verifyInvalidURI("http://authority:123/path/path?query&na me=value");
+ verifyInvalidURI("http://authority:123/path/path?qu ery&name=value");
+ verifyInvalidURI("http://authority:123/path/pa th?query&name=value");
+ verifyInvalidURI("http://authority:123/pa th/path?query&name=value");
+ verifyInvalidURI("http://authority:12 3/path/path?query&name=value");
+ verifyInvalidURI("http://autho rity:123/path/path?query&name=value");
+ verifyInvalidURI("htt p://authority:123/path/path?query&name=value");
+ }
+
+ private void verifyInvalidURI(String uri) {
+ try {
+ new URI(uri, true);
+ fail("should have thrown URIException");
+ } catch(URIException e) {
+ /* expected */
+ }
+ }
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org