(tomcat) branch 11.0.x updated: Avoid double decoding

Wed, 27 May 2026 00:47:10 -0700 

This is an automated email from the ASF dual-hosted git repository.

rmaucher pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new 6b27cce0c7 Avoid double decoding
6b27cce0c7 is described below

commit 6b27cce0c7e55c3b6d86d51567da7c250b5c9d52
Author: remm <[email protected]>
AuthorDate: Wed May 27 09:45:30 2026 +0200

    Avoid double decoding
    
    Also I'm not sure why this has the inconsistent static reference to
    UTF-8.
---
 java/org/apache/tomcat/util/descriptor/web/FilterMap.java          | 2 +-
 java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/tomcat/util/descriptor/web/FilterMap.java 
b/java/org/apache/tomcat/util/descriptor/web/FilterMap.java
index fccce05123..eb9b8caf0b 100644
--- a/java/org/apache/tomcat/util/descriptor/web/FilterMap.java
+++ b/java/org/apache/tomcat/util/descriptor/web/FilterMap.java
@@ -204,7 +204,7 @@ public class FilterMap extends XmlEncodingBase implements 
Serializable {
         } else {
             String[] results = new String[urlPatterns.length + 1];
             System.arraycopy(urlPatterns, 0, results, 0, urlPatterns.length);
-            results[urlPatterns.length] = UDecoder.URLDecode(urlPattern, 
getCharset());
+            results[urlPatterns.length] = urlPattern;
             urlPatterns = results;
         }
     }
diff --git a/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java 
b/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java
index 6dc18d22d0..9c595c92a7 100644
--- a/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java
+++ b/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java
@@ -18,7 +18,6 @@ package org.apache.tomcat.util.descriptor.web;
 
 import java.io.Serial;
 import java.io.Serializable;
-import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 
 import org.apache.tomcat.util.buf.UDecoder;
@@ -205,7 +204,7 @@ public class SecurityCollection extends XmlEncodingBase 
implements Serializable
      * @param pattern The pattern
      */
     public void addPattern(String pattern) {
-        addPatternDecoded(UDecoder.URLDecode(pattern, StandardCharsets.UTF_8));
+        addPatternDecoded(UDecoder.URLDecode(pattern, getCharset()));
     }
 
     /**
@@ -219,9 +218,8 @@ public class SecurityCollection extends XmlEncodingBase 
implements Serializable
             return;
         }
 
-        String decodedPattern = UDecoder.URLDecode(pattern, getCharset());
         String[] results = Arrays.copyOf(patterns, patterns.length + 1);
-        results[patterns.length] = decodedPattern;
+        results[patterns.length] = pattern;
         patterns = results;
     }
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to