Author: markt
Date: Thu Sep 13 13:26:54 2018
New Revision: 1840812

URL: http://svn.apache.org/viewvc?rev=1840812&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61692
Add the ability to control which HTTP methods are handled by the CGI Servlet 
via a new initialization parameter cgiMethods.

Modified:
    tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java
    tomcat/trunk/webapps/docs/cgi-howto.xml
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java?rev=1840812&r1=1840811&r2=1840812&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java Thu Sep 13 
13:26:54 2018
@@ -29,10 +29,12 @@ import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.Enumeration;
+import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map.Entry;
+import java.util.Set;
 import java.util.StringTokenizer;
 import java.util.Vector;
 import java.util.regex.Pattern;
@@ -242,6 +244,14 @@ public final class CGIServlet extends Ht
 
     private static final long serialVersionUID = 1L;
 
+    private static final Set<String> DEFAULT_SUPER_METHODS = new HashSet<>();
+    static {
+        DEFAULT_SUPER_METHODS.add("HEAD");
+        DEFAULT_SUPER_METHODS.add("OPTIONS");
+        DEFAULT_SUPER_METHODS.add("TRACE");
+    }
+
+
     /**
      *  The CGI search path will start at
      *    webAppRootDir + File.separator + cgiPathPrefix
@@ -260,6 +270,11 @@ public final class CGIServlet extends Ht
     private String parameterEncoding =
         System.getProperty("file.encoding", "UTF-8");
 
+    /* The HTTP methods this Servlet will pass to the CGI script */
+    private Set<String> cgiMethods = new HashSet<>();
+    private boolean cgiMethodsAll = false;
+
+
     /**
      * The time (in milliseconds) to wait for the reading of stderr to complete
      * before terminating the CGI process.
@@ -364,6 +379,23 @@ public final class CGIServlet extends Ht
             enableCmdLineArguments =
                     
Boolean.parseBoolean(config.getInitParameter("enableCmdLineArguments"));
         }
+
+        if (getServletConfig().getInitParameter("cgiMethods") != null) {
+            String paramValue = 
getServletConfig().getInitParameter("cgiMethods");
+            paramValue.trim();
+            if ("*".equals(paramValue)) {
+                cgiMethodsAll = true;
+            } else {
+                String[] methods = paramValue.split(",");
+                for (String method : methods) {
+                    String trimmedMethod = method.trim();
+                    cgiMethods.add(trimmedMethod);
+                }
+            }
+        } else {
+            cgiMethods.add("GET");
+            cgiMethods.add("POST");
+        }
     }
 
 
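Review bot: The result of `paramValue.trim();` is discarded, because String is immutable and trim() returns a new value, so the `"*".equals(paramValue)` test only matches when the configured value has no surrounding whitespace. A padded value (for example a constructed `" * "`) falls into the else branch and is stored in cgiMethods as the literal token `*`, which leaves cgiMethodsAll false and makes the servlet answer 405 for methods the administrator meant to allow. Assign the result back: `paramValue = paramValue.trim();`. The split loop also adds an empty string for input such as `GET,,POST`, so a guard like `if (!trimmedMethod.isEmpty())` before the add would keep the set clean. The enclosing init method starts outside this hunk.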
@@ -497,20 +529,21 @@ public final class CGIServlet extends Ht
     }
 
 
-    /**
-     * Provides CGI Gateway service -- delegates to
-     * {@link #doGet(HttpServletRequest, HttpServletResponse)}.
-     *
-     * @param  req   HttpServletRequest passed in by servlet container
-     * @param  res   HttpServletResponse passed in by servlet container
-     *
-     * @exception  ServletException  if a servlet-specific exception occurs
-     * @exception  IOException  if a read/write exception occurs
-     */
     @Override
-    protected void doPost(HttpServletRequest req, HttpServletResponse res)
-            throws IOException, ServletException {
-        doGet(req, res);
+    protected void service(HttpServletRequest req, HttpServletResponse res)
+            throws ServletException, IOException {
+
+        String method = req.getMethod();
+        if (cgiMethodsAll || cgiMethods.contains(method)) {
+            doGet(req, res);
+        } else if (DEFAULT_SUPER_METHODS.contains(method)){
+            // If the CGI servlet is explicitly configured to handle one of
+            // these methods it will be handled in the previous condition
+            super.service(req, res);
+        } else {
+            // Unsupported method
+            res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+        }
     }
 
 
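Review bot: The 405 branch of the new service() sends no `Allow` header, and the OPTIONS path delegated to `super.service` no longer reflects what the servlet really accepts. HttpServlet.doOptions builds `Allow` from the doXxx methods the subclass declares, so with doPost removed it would presumably stop advertising POST and never list other configured cgiMethods. In the else branch the accepted set is known, since cgiMethodsAll is false there, so it can be reported before the error: `Set<String> allowed = new HashSet<>(cgiMethods); allowed.addAll(DEFAULT_SUPER_METHODS); res.setHeader("Allow", String.join(",", allowed));`. A doOptions override built from the same set would keep the two answers consistent. The new method also has no Javadoc where the removed doPost had one. A short comment should state that any method in cgiMethods (or every method with `*`) is dispatched through doGet to the CGI script, so the script itself must validate the request method.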

Modified: tomcat/trunk/webapps/docs/cgi-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/cgi-howto.xml?rev=1840812&r1=1840811&r2=1840812&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/cgi-howto.xml (original)
+++ tomcat/trunk/webapps/docs/cgi-howto.xml Thu Sep 13 13:26:54 2018
@@ -91,6 +91,12 @@ file affects all web applications. See
 <p>There are several servlet init parameters which can be used to
 configure the behaviour of the CGI servlet.</p>
 <ul>
+<li><strong>cgiMethods</strong> - Comma separated list of HTTP methods. 
Requests
+using one of these methods will be passed to the CGI script for the script to
+generate the response. The default value is <code>GET,POST</code>. Use
+<code>*</code> for the script to handle all requests regardless of method.
+Unless over-ridden by the configuration of this parameter, requests using HEAD,
+OPTIONS or TRACE will have handled by the superclass.</li>
 <li><strong>cgiPathPrefix</strong> - The CGI search path will start at
 the web application root directory + File.separator + this prefix.
 By default there is no value, which results in the web application root

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1840812&r1=1840811&r2=1840812&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Sep 13 13:26:54 2018
@@ -47,6 +47,11 @@
 <section name="Tomcat 9.0.13 (markt)" rtext="in development">
   <subsection name="Catalina">
     <changelog>
+      <add>
+        <bug>61692</bug>: Add the ability to control which HTTP methods are
+        handled by the CGI Servlet via a new initialization parameter
+        <code>cgiMethods</code>. (markt)
+      </add>
       <fix>
         <bug>62687</bug>: Expose content length information for resources
         when using a compressed war. (remm)


