This is an automated email from the ASF dual-hosted git repository.
rmaucher pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 8c9447667e Fix another instance of incorrect URL decoding handling
8c9447667e is described below
commit 8c9447667e72ccef68492ab03302243ab435fb86
Author: remm <[email protected]>
AuthorDate: Thu Jun 11 10:00:44 2026 +0200
Fix another instance of incorrect URL decoding handling
The ServletContext stores the decoded URL mappings in its map, so the
lookup will fail.
ApplicationFilterRegistration is fine as FilterMap does the decoding.
---
.../catalina/core/ApplicationServletRegistration.java | 17 +++++++++++------
webapps/docs/changelog.xml | 4 ++++
2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/java/org/apache/catalina/core/ApplicationServletRegistration.java
b/java/org/apache/catalina/core/ApplicationServletRegistration.java
index 8688447f6d..94595cdace 100644
--- a/java/org/apache/catalina/core/ApplicationServletRegistration.java
+++ b/java/org/apache/catalina/core/ApplicationServletRegistration.java
@@ -175,16 +175,21 @@ public class ApplicationServletRegistration implements
ServletRegistration.Dynam
Set<String> conflicts = new HashSet<>();
- for (String urlPattern : urlPatterns) {
- String wrapperName = context.findServletMapping(urlPattern);
+ String[] decodedUrlPatterns = new String[urlPatterns.length];
+ for (int i = 0; i < urlPatterns.length; i++) {
+ decodedUrlPatterns[i] = UDecoder.URLDecode(urlPatterns[i],
StandardCharsets.UTF_8);
+ }
+
+ for (int i = 0; i < decodedUrlPatterns.length; i++) {
+ String wrapperName =
context.findServletMapping(decodedUrlPatterns[i]);
if (wrapperName != null) {
Wrapper wrapper = (Wrapper) context.findChild(wrapperName);
if (wrapper.isOverridable()) {
// Some Wrappers (from global and host web.xml) may be
// overridden rather than generating a conflict
- context.removeServletMapping(urlPattern);
+ context.removeServletMapping(decodedUrlPatterns[i]);
} else {
- conflicts.add(urlPattern);
+ conflicts.add(urlPatterns[i]);
}
}
}
@@ -193,8 +198,8 @@ public class ApplicationServletRegistration implements
ServletRegistration.Dynam
return conflicts;
}
- for (String urlPattern : urlPatterns) {
- context.addServletMappingDecoded(UDecoder.URLDecode(urlPattern,
StandardCharsets.UTF_8), wrapper.getName());
+ for (String urlPattern : decodedUrlPatterns) {
+ context.addServletMappingDecoded(urlPattern, wrapper.getName());
}
if (constraint != null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 33d30b264d..67d1f2a1d7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -271,6 +271,10 @@
Add <code>jakarta.</code> to the list of reserved prefixes for SSI
variables and request attributes. (markt)
</fix>
+ <fix>
+ Missing URL decoding when processing <code>addMapping</code> on a
+ Servlet registration. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
