Posted to dev@tomcat.apache.org by re...@apache.org on 2003/01/29 13:50:53 UTC
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core StandardContextValve.java
remm 2003/01/29 04:50:53
Modified: catalina/src/share/org/apache/catalina/core
StandardContextValve.java
Log:
- Optimize checks for /WEB-INF and /META-INF.
Revision Changes Path
1.4 +36 -13 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContextValve.java
Index: StandardContextValve.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/StandardContextValve.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- StandardContextValve.java 12 Sep 2002 20:40:37 -0000 1.3
+++ StandardContextValve.java 29 Jan 2003 12:50:52 -0000 1.4
@@ -67,10 +67,15 @@
import java.io.IOException;
import java.io.PrintWriter;
+
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.naming.NamingException;
+
+import org.apache.tomcat.util.buf.CharChunk;
+import org.apache.tomcat.util.buf.MessageBytes;
+
import org.apache.naming.ContextBindings;
import org.apache.naming.resources.DirContextURLStreamHandler;
import org.apache.catalina.Container;
@@ -156,15 +161,31 @@
}
// Disallow any direct access to resources under WEB-INF or META-INF
- HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
- String contextPath = hreq.getContextPath();
- String requestURI = ((HttpRequest) request).getDecodedRequestURI();
- String relativeURI =
- requestURI.substring(contextPath.length()).toUpperCase();
- if (relativeURI.equals("/META-INF") ||
- relativeURI.equals("/WEB-INF") ||
- relativeURI.startsWith("/META-INF/") ||
- relativeURI.startsWith("/WEB-INF/")) {
+ HttpRequest hreq = (HttpRequest) request;
+ MessageBytes contextPathMB = hreq.getContextPathMB();
+ int length = contextPathMB.getLength();
+ MessageBytes decodedURIMB = hreq.getDecodedRequestURIMB();
+ decodedURIMB.toChars();
+ CharChunk decodedURIBC = decodedURIMB.getCharChunk();
+ int bcLength = decodedURIBC.getLength();
+ boolean notFound = false;
+ if (decodedURIBC.startsWithIgnoreCase("/META-INF", length)) {
+ if ((decodedURIBC.getLength() == ("/META-INF".length() + length))
+ || (decodedURIBC.getBuffer()["/META-INF".length() + length]
+ == '/')) {
+ notFound = true;
+ }
+ }
+ if (decodedURIBC.startsWithIgnoreCase("/WEB-INF", length)) {
+ if ((decodedURIBC.getLength() == ("/WEB-INF".length() + length))
+ || (decodedURIBC.getBuffer()["/WEB-INF".length() + length]
+ == '/')) {
+ System.out.println("Not found");
+ notFound = true;
+ }
+ }
+ if (notFound) {
+ String requestURI = hreq.getDecodedRequestURI();
notFound(requestURI, (HttpServletResponse) response.getResponse());
return;
}
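Review bot: Both boundary checks index `decodedURIBC.getBuffer()` at `"/META-INF".length() + length` (and the `/WEB-INF` equivalent), which is a position inside the chunk applied to the backing array without adding the chunk's start offset, so if the chunk ever begins at a nonzero offset the guard that protects WEB-INF and META-INF compares the wrong character. I would write `decodedURIBC.getBuffer()[decodedURIBC.getStart() + "/WEB-INF".length() + length] == '/'` in both branches. `length` comes from `contextPathMB.getLength()`, which is presumably a byte count while the context path is still held as bytes, so it may not line up with character positions for a non-ASCII context path; that is worth confirming against MessageBytes. The `System.out.println("Not found");` in the WEB-INF branch looks like leftover debug output, and `bcLength` is assigned but never used. The enclosing method starts and ends outside this hunk.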
@@ -176,11 +197,13 @@
try {
wrapper = (Wrapper) context.map(request, true);
} catch (IllegalArgumentException e) {
+ String requestURI = hreq.getDecodedRequestURI();
badRequest(requestURI,
(HttpServletResponse) response.getResponse());
return;
}
if (wrapper == null) {
+ String requestURI = hreq.getDecodedRequestURI();
notFound(requestURI, (HttpServletResponse) response.getResponse());
return;
}