Author: fhanik Date: Tue Feb 13 09:47:21 2007 New Revision: 507117 URL: http://svn.apache.org/viewvc?view=rev&rev=507117 Log: Add some options for handling URL chars, backport from TC 6.0.x
Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/UDecoder.java tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java Modified: tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/UDecoder.java URL: http://svn.apache.org/viewvc/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/UDecoder.java?view=diff&rev=507117&r1=507116&r2=507117 ============================================================================== --- tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/UDecoder.java (original) +++ tomcat/connectors/trunk/util/java/org/apache/tomcat/util/buf/UDecoder.java Tue Feb 13 09:47:21 2007 @@ -30,6 +30,9 @@ */ public final class UDecoder { + protected static final boolean ALLOW_ENCODED_SLASH = + Boolean.valueOf(System.getProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "false")).booleanValue(); + public UDecoder() { } @@ -63,6 +66,8 @@ // idx will be the smallest positive inxes ( first % or + ) if( idx2 >= 0 && idx2 < idx ) idx=idx2; if( idx < 0 ) idx=idx2; + + boolean noSlash = !(ALLOW_ENCODED_SLASH || query); for( int j=idx; j<end; j++, idx++ ) { if( buff[ j ] == '+' && query) { @@ -81,6 +86,9 @@ j+=2; int res=x2c( b1, b2 ); + if (noSlash && (res == '/')) { + throw new CharConversionException( "noSlash"); + } buff[idx]=(byte)res; } } @@ -122,7 +130,8 @@ if( idx2 >= 0 && idx2 < idx ) idx=idx2; if( idx < 0 ) idx=idx2; - + + boolean noSlash = !(ALLOW_ENCODED_SLASH || query); for( int j=idx; j<cend; j++, idx++ ) { if( buff[ j ] == '+' && query ) { buff[idx]=( ' ' ); 
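Review bot: `ALLOW_ENCODED_SLASH` in the hunk at `@@ -30,6 +30,9` is declared without a comment, and so is `ALLOW_BACKSLASH` in the CoyoteAdapter hunk at `@@ -50,6 +50,8`. Each one switches off a check on the request path, so the default and the effect of enabling it belong next to the declaration. Above the UDecoder field I would add `/** When false (the default), a %2F outside the query string makes convert() throw CharConversionException. */`, with the matching sentence for the backslash flag. Both are `static final` and read from a system property in the initializer, so the comment should also say the value is fixed once the class is loaded.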
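Review bot: `noSlash` in the hunk at `@@ -63,6 +66,8` only guards against a decoded `/`; a `%5C` still decodes to `\` in this method and is left to the caller. In CoyoteAdapter that is covered, because normalize() runs after convert() and rejects `\` unless ALLOW_BACKSLASH is set, but any other caller of convert(…, false) gets no such check. A comment on this line would make that explicit, e.g. `// Only encoded '/' is rejected here; '\\' is left to the caller's normalization`. The flag is also a double negative, and `boolean rejectEncodedSlash = !query && !ALLOW_ENCODED_SLASH;` reads more directly. The same line is added to the char[] variant at `@@ -122,7 +130,8`, and both enclosing methods start and end outside their hunks.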
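Review bot: The message `"noSlash"` on the new CharConversionException in the hunk at `@@ -81,6 +86,9` is an internal variable name. With the CoyoteAdapter change in this commit it is appended to the 400 status message, so a client would see `Invalid URI: noSlash`. A message that names what was rejected is more useful in a response or a log: `throw new CharConversionException("Encoded slash (%2F) is not allowed");`. The same throw is added to the char[] variant at `@@ -141,6 +150,9`; the surrounding loops start outside both hunks.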
@@ -141,6 +150,9 @@ j+=2; int res=x2c( b1, b2 ); + if (noSlash && (res == '/')) { + throw new CharConversionException( "noSlash"); + } buff[idx]=(char)res; } } Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java?view=diff&rev=507117&r1=507116&r2=507117 ============================================================================== --- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java (original) +++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java Tue Feb 13 09:47:21 2007 @@ -50,6 +50,8 @@ { private static Log log = LogFactory.getLog(CoyoteAdapter.class); + protected static final boolean ALLOW_BACKSLASH = + Boolean.valueOf(System.getProperty("org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH", "false")).booleanValue(); // -------------------------------------------------------------- Constants @@ -226,8 +228,8 @@ req.getURLDecoder().convert(decodedURI, false); } catch (IOException ioe) { res.setStatus(400); - res.setMessage("Invalid URI"); - throw ioe; + res.setMessage("Invalid URI: " + ioe.getMessage()); + return false; } // Normalization if (!normalize(req.decodedURI())) { @@ -515,8 +517,13 @@ // Replace '\' with '/' // Check for null byte for (pos = start; pos < end; pos++) { - if (b[pos] == (byte) '\\') - b[pos] = (byte) '/'; + if (b[pos] == (byte) '\\') { + if (ALLOW_BACKSLASH) { + b[pos] = (byte) '/'; + } else { + return false; + } + } if (b[pos] == (byte) 0) return false; } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
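Review bot: The catch block in the hunk at `@@ -226,8 +228,8` now drops the IOException without logging it, so a request rejected for an encoded slash or a malformed escape may leave no server-side record of why it got a 400. A debug-level entry before the `return false;` keeps these rejections visible to operators: `if (log.isDebugEnabled()) log.debug("Rejected undecodable request URI", ioe);`. Appending `ioe.getMessage()` to the status message is harmless while the decoder's messages are fixed strings, as the one visible throw is. A comment that this text reaches the client would stop request data from being added to those messages later. The enclosing method starts and ends outside the hunk, so whether an access log records the 400 cannot be seen here.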
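Review bot: The comment `// Replace '\' with '/'` above the loop in the hunk at `@@ -515,8 +517,13` no longer matches the default behaviour, because with ALLOW_BACKSLASH unset a backslash now makes the method return false. I would change it to `// Reject '\' unless ALLOW_BACKSLASH is set (then replace it with '/')`. A byte that was just replaced can never be 0, so the null-byte test could become an `else if`, which makes the two rejections read as one decision. The method around the loop starts and ends outside the hunk.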