Author: markt Date: Wed Sep 2 20:39:00 2015 New Revision: 1700896 URL: http://svn.apache.org/r1700896 Log: More normalization edge cases
Modified: tomcat/trunk/java/org/apache/tomcat/util/http/RequestUtil.java tomcat/trunk/test/org/apache/tomcat/util/http/TestRequestUtil.java Modified: tomcat/trunk/java/org/apache/tomcat/util/http/RequestUtil.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/RequestUtil.java?rev=1700896&r1=1700895&r2=1700896&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/tomcat/util/http/RequestUtil.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/RequestUtil.java Wed Sep 2 20:39:00 2015 @@ -67,14 +67,6 @@ public class RequestUtil { if (!normalized.startsWith("/")) normalized = "/" + normalized; - if (normalized.equals("/.")) { - return "/"; - } - - if (normalized.equals("/..")) { - return null; // Trying to go outside our context - } - // Resolve occurrences of "//" in the normalized path while (true) { int index = normalized.indexOf("//"); @@ -106,6 +98,14 @@ public class RequestUtil { normalized = normalized.substring(0, index2) + normalized.substring(index + 3); } + if (normalized.equals("/.")) { + return "/"; + } + + if (normalized.equals("/..")) { + return null; // Trying to go outside our context + } + // Return the normalized path that we have completed return normalized; } Modified: tomcat/trunk/test/org/apache/tomcat/util/http/TestRequestUtil.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/http/TestRequestUtil.java?rev=1700896&r1=1700895&r2=1700896&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/tomcat/util/http/TestRequestUtil.java (original) +++ tomcat/trunk/test/org/apache/tomcat/util/http/TestRequestUtil.java Wed Sep 2 20:39:00 2015 
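Review bot: The two checks re-added after the "/../" loop in normalize() compare the whole string with `equals`, so they only catch a path that has collapsed to exactly "/." or "/.."; a dot segment that ends a longer path is not covered. If the loops above match "/./" and "/../" including the trailing slash, as `substring(index + 3)` suggests (their bodies are mostly outside this hunk), an input such as "/a/b/.." would be returned unchanged with the ".." still in it, and callers that treat the result as traversal-free would pass it on. Consider handling a trailing segment before the loops, for example appending "/" when the path `endsWith("/.")` or `endsWith("/..")` and dropping that slash again before returning, and pin the behaviour with a test for "/a/b/..". The first hunk in this file only removes the old copies of these checks.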
@@ -87,6 +87,36 @@ public class TestRequestUtil {
 doTestNormalize("..", null);
 }
 
+ @Test
+ public void testNormalize14() {
+ doTestNormalize("//..", null);
+ }
+
+ @Test
+ public void testNormalize15() {
+ doTestNormalize("//../", null);
+ }
+
+ @Test
+ public void testNormalize16() {
+ doTestNormalize("/./..", null);
+ }
+
+ @Test
+ public void testNormalize17() {
+ doTestNormalize("/./../", null);
+ }
+
+ @Test
+ public void testNormalize18() {
+ doTestNormalize("/a/../..", null);
+ }
+
+ @Test
+ public void testNormalize19() {
+ doTestNormalize("/a/../../", null);
+ }
+
 private void doTestNormalize(String input, String expected) {
 assertEquals(expected,RequestUtil.normalize(input));
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
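Review bot: All six added cases expect null, so the relocated `return "/"` branch for "/." is not exercised by the tests added here; earlier cases outside this hunk may cover "/." itself, but not a path that only becomes "/." once the loops have run. Assuming the "//" and "/../" loops collapse as the production hunk suggests, cases such as `doTestNormalize("//.", "/");` and `doTestNormalize("/a/../.", "/");` would pin that half of the change. A one-line comment on each case naming the step expected to produce the result would also make a failing testNormalizeNN easier to read.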