You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/05/11 21:35:48 UTC

[tomcat] 01/03: Remove support for using ^ rather than * as the separator in WAR URL

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0119904e57e4b5f4127193e7b6ec8ff3caea3abd
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu May 11 22:25:54 2023 +0100

    Remove support for using ^ rather than * as the separator in WAR URL
---
 java/org/apache/tomcat/util/buf/UriUtil.java           |  6 +-----
 .../apache/catalina/webresources/war/TestHandler.java  | 18 ------------------
 test/org/apache/tomcat/util/buf/TesterUriUtilBase.java |  6 ------
 webapps/docs/changelog.xml                             |  6 ++++++
 4 files changed, 7 insertions(+), 29 deletions(-)

diff --git a/java/org/apache/tomcat/util/buf/UriUtil.java b/java/org/apache/tomcat/util/buf/UriUtil.java
index 3665fdcd02..818566abae 100644
--- a/java/org/apache/tomcat/util/buf/UriUtil.java
+++ b/java/org/apache/tomcat/util/buf/UriUtil.java
@@ -33,7 +33,6 @@ public final class UriUtil {
         {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
 
     private static final Pattern PATTERN_EXCLAMATION_MARK = Pattern.compile("!/");
-    private static final Pattern PATTERN_CARET = Pattern.compile("\\^/");
     private static final Pattern PATTERN_ASTERISK = Pattern.compile("\\*/");
     private static final Pattern PATTERN_CUSTOM;
     private static final String REPLACE_CUSTOM;
@@ -170,8 +169,7 @@ public final class UriUtil {
         // Since "!/" has a special meaning in a JAR URL, make sure that the
         // sequence is properly escaped if present.
         String tmp = PATTERN_EXCLAMATION_MARK.matcher(input).replaceAll("%21/");
-        // Tomcat's custom jar:war: URL handling treats */ and ^/ as special
-        tmp = PATTERN_CARET.matcher(tmp).replaceAll("%5e/");
+        // Tomcat's custom jar:war: URL handling treats */ as special
         tmp = PATTERN_ASTERISK.matcher(tmp).replaceAll("%2a/");
         if (PATTERN_CUSTOM != null) {
             tmp = PATTERN_CUSTOM.matcher(tmp).replaceAll(REPLACE_CUSTOM);
@@ -195,8 +193,6 @@ public final class UriUtil {
         String file = warUrl.getFile();
         if (file.contains("*/")) {
             file = file.replaceFirst("\\*/", "!/");
-        } else if (file.contains("^/")) {
-            file = file.replaceFirst("\\^/", "!/");
         } else if (PATTERN_CUSTOM != null) {
             file = file.replaceFirst(PATTERN_CUSTOM.pattern(), "!/");
         }
diff --git a/test/org/apache/catalina/webresources/war/TestHandler.java b/test/org/apache/catalina/webresources/war/TestHandler.java
index c4b72bee15..2d1e29166f 100644
--- a/test/org/apache/catalina/webresources/war/TestHandler.java
+++ b/test/org/apache/catalina/webresources/war/TestHandler.java
@@ -18,7 +18,6 @@ package org.apache.catalina.webresources.war;
 
 import java.io.File;
 import java.net.URL;
-import java.net.URLConnection;
 
 import org.junit.Assert;
 import org.junit.Before;
@@ -61,21 +60,4 @@ public class TestHandler {
 
         Assert.assertEquals(urlString, url.toExternalForm());
     }
-
-
-    @Test
-    public void testOldFormat() throws Exception {
-        File f = new File("test/webresources/war-url-connection.war");
-        String fileUrl = f.toURI().toURL().toString();
-
-        URL indexHtmlUrl = new URL("jar:war:" + fileUrl +
-                "^/WEB-INF/lib/test.jar!/META-INF/resources/index.html");
-
-        URLConnection urlConn = indexHtmlUrl.openConnection();
-        urlConn.connect();
-
-        int size = urlConn.getContentLength();
-
-        Assert.assertEquals(137, size);
-    }
 }
diff --git a/test/org/apache/tomcat/util/buf/TesterUriUtilBase.java b/test/org/apache/tomcat/util/buf/TesterUriUtilBase.java
index 9980669aa2..febc7018ef 100644
--- a/test/org/apache/tomcat/util/buf/TesterUriUtilBase.java
+++ b/test/org/apache/tomcat/util/buf/TesterUriUtilBase.java
@@ -85,12 +85,6 @@ public abstract class TesterUriUtilBase {
     }
 
 
-    @Test
-    public void testWarToJar01() throws IOException {
-        doTestWarToJar("^");
-    }
-
-
     @Test
     public void testWarToJar02() throws IOException {
         doTestWarToJar("*");
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 706b61b93c..f32f27e33e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,12 @@
         Add RateLimitFilter which can be used to mitigate DoS and Brute Force
         attacks. (isapir)
       </add>
+      <scode>
+        Remove support for using the <code>^</code> character to separate the
+        WAR file and WAR contents in Tomcat's custom WAR URL handler. The
+        current default separator character of <code>*</code> remains unchanged.
+        (markt)
+      </scode>
     </changelog>
   </subsection>
 </section>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org