This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 8cb95ff032 Use WebResource API to differentiate files and directories
8cb95ff032 is described below
commit 8cb95ff03221067c511b3fa66d4f745bc4b0a605
Author: Mark Thomas <[email protected]>
AuthorDate: Fri May 2 16:42:30 2025 +0100
Use WebResource API to differentiate files and directories
It is much easier/more efficient to do this directly than via the
ServletContext API.
---
java/org/apache/catalina/servlets/CGIServlet.java | 37 +++++++++++++---------
.../catalina/servlets/LocalStrings.properties | 1 +
2 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/java/org/apache/catalina/servlets/CGIServlet.java
b/java/org/apache/catalina/servlets/CGIServlet.java
index d4af679a55..7f947e5c61 100644
--- a/java/org/apache/catalina/servlets/CGIServlet.java
+++ b/java/org/apache/catalina/servlets/CGIServlet.java
@@ -24,8 +24,6 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
-import java.net.MalformedURLException;
-import java.net.URL;
import java.net.URLDecoder;
import java.nio.file.Files;
import java.util.ArrayList;
@@ -44,12 +42,16 @@ import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
+import javax.servlet.UnavailableException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.apache.catalina.Globals;
+import org.apache.catalina.WebResource;
+import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.util.IOTools;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -244,6 +246,8 @@ public final class CGIServlet extends HttpServlet {
private final Set<String> cgiMethods = new HashSet<>();
private boolean cgiMethodsAll = false;
+ private transient WebResourceRoot resources = null;
+
/**
* The time (in milliseconds) to wait for the reading of stderr to
complete before terminating the CGI process.
@@ -379,6 +383,13 @@ public final class CGIServlet extends HttpServlet {
} else if (value != null) {
cmdLineArgumentsDecodedPattern = Pattern.compile(value);
}
+
+ // Load the web resources
+ resources = (WebResourceRoot)
getServletContext().getAttribute(Globals.RESOURCES_ATTR);
+
+ if (resources == null) {
+ throw new
UnavailableException(sm.getString("cgiServlet.noResources"));
+ }
}
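Review bot: The single-argument `UnavailableException` thrown when `Globals.RESOURCES_ATTR` is missing marks the servlet as permanently unavailable, and its message (`cgiServlet.noResources`, "No static resources were found") does not tell an operator that the context attribute was absent. A comment above the throw, such as `// Permanent failure: without the WebResourceRoot no CGI script can be located`, would record the intent, and the message text could name the missing attribute. The new `resources` field is `transient` and, in the lines shown, assigned only here, so its declaration deserves a comment saying it is populated by `init()`. The enclosing method starts outside the hunk.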
@@ -802,7 +813,7 @@ public final class CGIServlet extends HttpServlet {
StringBuilder cgiPath = new StringBuilder();
StringBuilder urlPath = new StringBuilder();
- URL cgiScriptURL = null;
+ WebResource cgiScript = null;
if (cgiPathPrefix == null || cgiPathPrefix.isEmpty()) {
cgiPath.append(servletPath);
@@ -814,7 +825,7 @@ public final class CGIServlet extends HttpServlet {
StringTokenizer pathWalker = new StringTokenizer(pathInfo, "/");
- while (pathWalker.hasMoreElements() && cgiScriptURL == null) {
+ while (pathWalker.hasMoreElements() && (cgiScript == null ||
!cgiScript.isFile())) {
String urlSegment = pathWalker.nextToken();
cgiPath.append('/');
cgiPath.append(urlSegment);
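Review bot: The loop condition `cgiScript == null || !cgiScript.isFile()` is repeated verbatim in the "No script was found" check of the next hunk, so the two definitions of "script found" can drift apart. A local updated after each lookup, e.g. `boolean found = cgiScript != null && cgiScript.isFile();`, or a small private helper would keep them in one place. The loop would also benefit from a comment such as `// Directories are walked through; the first segment that resolves to a file is the script`, because the walk stops at the first file and the remaining pathInfo segments are never looked up. The loop body continues outside this hunk.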
@@ -823,15 +834,11 @@ public final class CGIServlet extends HttpServlet {
if (log.isTraceEnabled()) {
log.trace(sm.getString("cgiServlet.find.location",
cgiPath.toString()));
}
- try {
- cgiScriptURL = context.getResource(cgiPath.toString());
- } catch (MalformedURLException e) {
- // Ignore - should never happen
- }
+ cgiScript = resources.getResource(cgiPath.toString());
}
// No script was found
- if (cgiScriptURL == null) {
+ if (cgiScript == null || !cgiScript.isFile()) {
return new String[] { null, null, null, null };
}
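Review bot: The lookup `cgiScript = resources.getResource(cgiPath.toString());` is no longer inside a try/catch, although `cgiPath` is assembled from request path segments. The removed code ignored `MalformedURLException`; if the `WebResourceRoot` implementation rejects a path with an unchecked exception (not determinable from this hunk), that exception would now propagate instead of producing the `{ null, null, null, null }` "not found" result. Either confirm that the path is always acceptable here and record the reason in a comment above the call, or catch `IllegalArgumentException` and return the not-found array. The loop starts outside this hunk.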
@@ -841,7 +848,7 @@ public final class CGIServlet extends HttpServlet {
String cgiName = null;
String name = null;
- path = context.getRealPath(cgiPath.toString());
+ path = cgiScript.getCanonicalPath();
if (path == null) {
/*
* The script doesn't exist directly on the file system. It
might be located in an archive or similar.
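Review bot: `cgiScript.getCanonicalPath()` is not a drop-in replacement for `context.getRealPath(...)`, because a canonical path has symbolic links resolved and may therefore name a different location from the one spelled out in `cgiPath`. If later code derives the script name or working directory from `path` (not visible in this hunk), that result changes for linked scripts. A comment such as `// Canonical path: links are resolved, so this may differ from cgiPath` would make the intent explicit. Where linking is enabled, it is worth confirming that the resolved location is still one from which scripts are meant to be executed.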
@@ -857,14 +864,14 @@ public final class CGIServlet extends HttpServlet {
return new String[] { null, null, null, null };
}
- try (InputStream is =
context.getResourceAsStream(cgiPath.toString())) {
+ try (InputStream is = cgiScript.getInputStream()) {
synchronized (expandFileLock) {
// Check if file was created by concurrent request
if (!tmpCgiFile.exists()) {
try {
Files.copy(is, tmpCgiFile.toPath());
} catch (IOException ioe) {
-
log.warn(sm.getString("cgiServlet.expandFail", cgiScriptURL,
+
log.warn(sm.getString("cgiServlet.expandFail", cgiScript.getURL(),
tmpCgiFile.getAbsolutePath()),
ioe);
if (tmpCgiFile.exists()) {
if (!tmpCgiFile.delete()) {
@@ -875,13 +882,13 @@ public final class CGIServlet extends HttpServlet {
return new String[] { null, null, null,
null };
}
if (log.isDebugEnabled()) {
-
log.debug(sm.getString("cgiServlet.expandOk", cgiScriptURL,
+
log.debug(sm.getString("cgiServlet.expandOk", cgiScript.getURL(),
tmpCgiFile.getAbsolutePath()));
}
}
}
} catch (IOException ioe) {
- log.warn(sm.getString("cgiServlet.expandCloseFail",
cgiScriptURL), ioe);
+ log.warn(sm.getString("cgiServlet.expandCloseFail",
cgiScript.getURL()), ioe);
}
}
path = tmpCgiFile.getAbsolutePath();
diff --git a/java/org/apache/catalina/servlets/LocalStrings.properties
b/java/org/apache/catalina/servlets/LocalStrings.properties
index 5fb786b3ba..0c26760722 100644
--- a/java/org/apache/catalina/servlets/LocalStrings.properties
+++ b/java/org/apache/catalina/servlets/LocalStrings.properties
@@ -29,6 +29,7 @@ cgiServlet.invalidArgumentDecoded=The decoded command line
argument [{0}] did no
cgiServlet.invalidArgumentEncoded=The encoded command line argument [{0}] did
not match the configured cmdLineArgumentsEncoded pattern [{1}]
cgiServlet.invalidCommand=Illegal Character in CGI command path ('.' or '..')
detected, not running CGI [{0}]
cgiServlet.notReady=CGI Servlet is not ready to run
+cgiServlet.noResources=No static resources were found
cgiServlet.runBadHeader=Bad header line [{0}]
cgiServlet.runFail=I/O problems processing CGI
cgiServlet.runHeaderReaderFail=I/O problems closing header reader