This is an automated email from the ASF dual-hosted git repository.
rmaucher pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new e48808b7ed Fix another instance of incorrect URL decoding handling
e48808b7ed is described below
commit e48808b7ed98acc83275a72f54fa71deb4632615
Author: remm <[email protected]>
AuthorDate: Thu Jun 11 10:00:44 2026 +0200
Fix another instance of incorrect URL decoding handling
The ServletContext stores the decoded URL mappings in its map, so the
lookup will fail.
ApplicationFilterRegistration is fine as FilterMap does the decoding.
---
.../catalina/core/ApplicationServletRegistration.java | 17 +++++++++++------
webapps/docs/changelog.xml | 4 ++++
2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/java/org/apache/catalina/core/ApplicationServletRegistration.java
b/java/org/apache/catalina/core/ApplicationServletRegistration.java
index 1587ee4837..43ee2e953a 100644
--- a/java/org/apache/catalina/core/ApplicationServletRegistration.java
+++ b/java/org/apache/catalina/core/ApplicationServletRegistration.java
@@ -175,16 +175,21 @@ public class ApplicationServletRegistration implements
ServletRegistration.Dynam
Set<String> conflicts = new HashSet<>();
- for (String urlPattern : urlPatterns) {
- String wrapperName = context.findServletMapping(urlPattern);
+ String[] decodedUrlPatterns = new String[urlPatterns.length];
+ for (int i = 0; i < urlPatterns.length; i++) {
+ decodedUrlPatterns[i] = UDecoder.URLDecode(urlPatterns[i],
StandardCharsets.UTF_8);
+ }
+
+ for (int i = 0; i < decodedUrlPatterns.length; i++) {
+ String wrapperName =
context.findServletMapping(decodedUrlPatterns[i]);
if (wrapperName != null) {
Wrapper wrapper = (Wrapper) context.findChild(wrapperName);
if (wrapper.isOverridable()) {
// Some Wrappers (from global and host web.xml) may be
// overridden rather than generating a conflict
- context.removeServletMapping(urlPattern);
+ context.removeServletMapping(decodedUrlPatterns[i]);
} else {
- conflicts.add(urlPattern);
+ conflicts.add(urlPatterns[i]);
}
}
}
@@ -193,8 +198,8 @@ public class ApplicationServletRegistration implements
ServletRegistration.Dynam
return conflicts;
}
- for (String urlPattern : urlPatterns) {
- context.addServletMappingDecoded(UDecoder.URLDecode(urlPattern,
StandardCharsets.UTF_8), wrapper.getName());
+ for (String urlPattern : decodedUrlPatterns) {
+ context.addServletMappingDecoded(urlPattern, wrapper.getName());
}
if (constraint != null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ba69cea917..062a384d5f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -286,6 +286,10 @@
Add <code>jakarta.</code> to the list of reserved prefixes for SSI
variables and request attributes. (markt)
</fix>
+ <fix>
+ Missing URL decoding when processing <code>addMapping</code> on a
+ Servlet registration. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
