Author: fhanik
Date: Tue Feb 13 09:47:21 2007
New Revision: 507117
URL: http://svn.apache.org/viewvc?view=rev&rev=507117
Log:
Add some options for handling URL chars, backport from TC 6.0.x
Modified:
tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/UDecoder.java
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java
Modified:
tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/UDecoder.java
URL:
http://svn.apache.org/viewvc/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/UDecoder.java?view=diff&rev=507117&r1=507116&r2=507117
==============================================================================
--- tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/UDecoder.java
(original)
+++ tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/UDecoder.java
Tue Feb 13 09:47:21 2007
@@ -30,6 +30,9 @@
*/
public final class UDecoder {
+ protected static final boolean ALLOW_ENCODED_SLASH =
+
Boolean.valueOf(System.getProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH",
"false")).booleanValue();
+
public UDecoder()
{
}
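Review bot: The new `ALLOW_ENCODED_SLASH` constant has no comment saying what it controls or what enabling it costs, and it is declared `protected` although `UDecoder` is `final`, so `private` would say the same thing more honestly. I would add a comment above it such as `// When false (the default), a %-encoded '/' in the request path is rejected with a CharConversionException; when true it is decoded and reaches path handling as a separator.` The value is read once at class initialisation, so the comment should also say that changing the system property later has no effect. The same documentation gap applies to `ALLOW_BACKSLASH` in the CoyoteAdapter hunk of this commit.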
@@ -63,6 +66,8 @@
// idx will be the smallest positive inxes ( first % or + )
if( idx2 >= 0 && idx2 < idx ) idx=idx2;
if( idx < 0 ) idx=idx2;
+
+ boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
for( int j=idx; j<end; j++, idx++ ) {
if( buff[ j ] == '+' && query) {
@@ -81,6 +86,9 @@
j+=2;
int res=x2c( b1, b2 );
+ if (noSlash && (res == '/')) {
+ throw new CharConversionException( "noSlash");
+ }
buff[idx]=(byte)res;
}
}
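Review bot: The exception text `"noSlash"` in the added check is the name of a local variable, not a description of what was rejected, and the CoyoteAdapter change in this commit appends that text to the 400 status message. A self-explanatory message would serve both the client and anyone reading the response later, for example `throw new CharConversionException("Encoded slash is not allowed in the path");`. The same applies to the identical check in the later hunk that stores `(char)res`. A one-line comment where `noSlash` is computed, saying why the query string is exempt, would also help; the enclosing loop and method start outside this hunk.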
@@ -122,7 +130,8 @@
if( idx2 >= 0 && idx2 < idx ) idx=idx2;
if( idx < 0 ) idx=idx2;
-
+
+ boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
for( int j=idx; j<cend; j++, idx++ ) {
if( buff[ j ] == '+' && query ) {
buff[idx]=( ' ' );
@@ -141,6 +150,9 @@
j+=2;
int res=x2c( b1, b2 );
+ if (noSlash && (res == '/')) {
+ throw new CharConversionException( "noSlash");
+ }
buff[idx]=(char)res;
}
}
Modified:
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java
URL:
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java?view=diff&rev=507117&r1=507116&r2=507117
==============================================================================
---
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java
(original)
+++
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java
Tue Feb 13 09:47:21 2007
@@ -50,6 +50,8 @@
{
private static Log log = LogFactory.getLog(CoyoteAdapter.class);
+ protected static final boolean ALLOW_BACKSLASH =
+
Boolean.valueOf(System.getProperty("org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH",
"false")).booleanValue();
// -------------------------------------------------------------- Constants
@@ -226,8 +228,8 @@
req.getURLDecoder().convert(decodedURI, false);
} catch (IOException ioe) {
res.setStatus(400);
- res.setMessage("Invalid URI");
- throw ioe;
+ res.setMessage("Invalid URI: " + ioe.getMessage());
+ return false;
}
// Normalization
if (!normalize(req.decodedURI())) {
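Review bot: The catch block now drops the `IOException` without logging it, so a request rejected by the decoder leaves no server-side trace beyond the 400 response. Since the class has a `log` field, a line such as `if (log.isDebugEnabled()) log.debug("Invalid URI", ioe);` before `return false;` would keep these rejections visible to operators. The exception message is also concatenated into the status message; that is harmless while the decoder throws only fixed strings, but it should stay free of request-derived text unless the error page escapes it, which I cannot confirm from this hunk. The method continues outside the hunk.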
@@ -515,8 +517,13 @@
// Replace '\' with '/'
// Check for null byte
for (pos = start; pos < end; pos++) {
- if (b[pos] == (byte) '\\')
- b[pos] = (byte) '/';
+ if (b[pos] == (byte) '\\') {
+ if (ALLOW_BACKSLASH) {
+ b[pos] = (byte) '/';
+ } else {
+ return false;
+ }
+ }
if (b[pos] == (byte) 0)
return false;
}
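Review bot: With `ALLOW_BACKSLASH` set to true this loop still rewrites '\\' to '/' after URL decoding has run, so an encoded backslash is not caught by the `noSlash` check in UDecoder (which tests only for '/') and becomes a path separator even when `ALLOW_ENCODED_SLASH` is false. That ordering is inferred from the `convert` call preceding `normalize` in the earlier hunk of this file. Either document next to `ALLOW_BACKSLASH` that enabling it weakens the encoded-slash restriction, or reject a decoded backslash in UDecoder under the same `noSlash` condition. The loop's enclosing method starts outside the hunk.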