You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/05/11 21:35:48 UTC
[tomcat] 01/03: Remove support for using ^ rather than * as the separator in WAR URL
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 0119904e57e4b5f4127193e7b6ec8ff3caea3abd
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu May 11 22:25:54 2023 +0100
Remove support for using ^ rather than * as the separator in WAR URL
---
java/org/apache/tomcat/util/buf/UriUtil.java | 6 +-----
.../apache/catalina/webresources/war/TestHandler.java | 18 ------------------
test/org/apache/tomcat/util/buf/TesterUriUtilBase.java | 6 ------
webapps/docs/changelog.xml | 6 ++++++
4 files changed, 7 insertions(+), 29 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/UriUtil.java b/java/org/apache/tomcat/util/buf/UriUtil.java
index 3665fdcd02..818566abae 100644
--- a/java/org/apache/tomcat/util/buf/UriUtil.java
+++ b/java/org/apache/tomcat/util/buf/UriUtil.java
@@ -33,7 +33,6 @@ public final class UriUtil {
{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
private static final Pattern PATTERN_EXCLAMATION_MARK = Pattern.compile("!/");
- private static final Pattern PATTERN_CARET = Pattern.compile("\\^/");
private static final Pattern PATTERN_ASTERISK = Pattern.compile("\\*/");
private static final Pattern PATTERN_CUSTOM;
private static final String REPLACE_CUSTOM;
@@ -170,8 +169,7 @@ public final class UriUtil {
// Since "!/" has a special meaning in a JAR URL, make sure that the
// sequence is properly escaped if present.
String tmp = PATTERN_EXCLAMATION_MARK.matcher(input).replaceAll("%21/");
- // Tomcat's custom jar:war: URL handling treats */ and ^/ as special
- tmp = PATTERN_CARET.matcher(tmp).replaceAll("%5e/");
+ // Tomcat's custom jar:war: URL handling treats */ as special
tmp = PATTERN_ASTERISK.matcher(tmp).replaceAll("%2a/");
if (PATTERN_CUSTOM != null) {
tmp = PATTERN_CUSTOM.matcher(tmp).replaceAll(REPLACE_CUSTOM);
@@ -195,8 +193,6 @@ public final class UriUtil {
String file = warUrl.getFile();
if (file.contains("*/")) {
file = file.replaceFirst("\\*/", "!/");
- } else if (file.contains("^/")) {
- file = file.replaceFirst("\\^/", "!/");
} else if (PATTERN_CUSTOM != null) {
file = file.replaceFirst(PATTERN_CUSTOM.pattern(), "!/");
}
diff --git a/test/org/apache/catalina/webresources/war/TestHandler.java b/test/org/apache/catalina/webresources/war/TestHandler.java
index c4b72bee15..2d1e29166f 100644
--- a/test/org/apache/catalina/webresources/war/TestHandler.java
+++ b/test/org/apache/catalina/webresources/war/TestHandler.java
@@ -18,7 +18,6 @@ package org.apache.catalina.webresources.war;
import java.io.File;
import java.net.URL;
-import java.net.URLConnection;
import org.junit.Assert;
import org.junit.Before;
@@ -61,21 +60,4 @@ public class TestHandler {
Assert.assertEquals(urlString, url.toExternalForm());
}
-
-
- @Test
- public void testOldFormat() throws Exception {
- File f = new File("test/webresources/war-url-connection.war");
- String fileUrl = f.toURI().toURL().toString();
-
- URL indexHtmlUrl = new URL("jar:war:" + fileUrl +
- "^/WEB-INF/lib/test.jar!/META-INF/resources/index.html");
-
- URLConnection urlConn = indexHtmlUrl.openConnection();
- urlConn.connect();
-
- int size = urlConn.getContentLength();
-
- Assert.assertEquals(137, size);
- }
}
diff --git a/test/org/apache/tomcat/util/buf/TesterUriUtilBase.java b/test/org/apache/tomcat/util/buf/TesterUriUtilBase.java
index 9980669aa2..febc7018ef 100644
--- a/test/org/apache/tomcat/util/buf/TesterUriUtilBase.java
+++ b/test/org/apache/tomcat/util/buf/TesterUriUtilBase.java
@@ -85,12 +85,6 @@ public abstract class TesterUriUtilBase {
}
- @Test
- public void testWarToJar01() throws IOException {
- doTestWarToJar("^");
- }
-
-
@Test
public void testWarToJar02() throws IOException {
doTestWarToJar("*");
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 706b61b93c..f32f27e33e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,12 @@
Add RateLimitFilter which can be used to mitigate DoS and Brute Force
attacks. (isapir)
</add>
+ <scode>
+ Remove support for using the <code>^</code> character to separate the
+ WAR file and WAR contents in Tomcat's custom WAR URL handler. The
+ current default separator character of <code>*</code> remains unchanged.
+ (markt)
+ </scode>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org