Author: markt Date: Mon Jul 9 19:09:50 2012 New Revision: 1359340 URL: http://svn.apache.org/viewvc?rev=1359340&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53062 Correctly handle case where redirect URL includes a query string (with test cases)
Modified: tomcat/trunk/java/org/apache/catalina/connector/Response.java tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java
Modified: tomcat/trunk/java/org/apache/catalina/connector/Response.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Response.java?rev=1359340&r1=1359339&r2=1359340&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/connector/Response.java (original)
+++ tomcat/trunk/java/org/apache/catalina/connector/Response.java Mon Jul 9 19:09:50 2012
@@ -1654,6 +1654,18 @@ public class Response
 * Code borrowed heavily from CoyoteAdapter.normalize()
 */
 private void normalize(CharChunk cc) {
+ // Strip query string first (doing it this way makes the logic a lot
+ // simpler)
+ int query = cc.indexOf('?');
+ char[] queryCC = null;
+ if (query > -1) {
+ queryCC = new char[cc.getEnd() - query];
+ for (int i = query; i < cc.getEnd(); i++) {
+ queryCC[i - query] = cc.charAt(i);
+ }
+ cc.setEnd(query);
+ }
+
 if (cc.endsWith("/.") || cc.endsWith("/..")) {
 try {
 cc.append('/');
@@ -1712,6 +1724,15 @@ public class Response
 cc.setEnd(end);
 index = index2;
 }
+
+ // Add the query string (if present) back in
+ if (queryCC != null) {
+ try {
+ cc.append(queryCC, 0, queryCC.length);
+ } catch (IOException ioe) {
+ throw new IllegalArgumentException(ioe);
+ }
+ }
 }

 private void copyChars(char[] c, int dest, int src, int len) {
Modified: tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java?rev=1359340&r1=1359339&r2=1359340&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java (original)
+++ tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java Mon Jul 9 19:09:50 2012
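Review bot: The split added at the top of normalize() looks only for `?`, so a target that carries a `#fragment` and no query still sends the fragment through the dot-segment logic, and a fragment containing `/../` or `/./` would be rewritten as if it were path. Truncating at whichever of the two delimiters comes first keeps both parts verbatim: `int frag = cc.indexOf('#');` followed by `if (frag > -1 && (query == -1 || frag < query)) { query = frag; }` before the `if (query > -1)` test. Separately, `query` is compared with `cc.getEnd()` and passed to both `cc.charAt()` and `cc.setEnd()`; that is consistent only if the chunk starts at offset 0, which the hunk does not show, so either add `cc.getStart()` where an absolute offset is meant or state the assumption in the comment. The body of normalize() continues outside this hunk, and the second hunk re-appends whatever was cut here.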
@@ -222,6 +222,88 @@ public class TestResponse extends Tomcat
 }


+ @Test
+ public void testBug53062f() throws Exception {
+ Request req = new TesterMockRequest();
+ Response resp = new Response();
+ resp.setRequest(req);
+
+ String result = resp.toAbsolute("bar.html");
+
+ Assert.assertEquals(
+ "http://localhost:8080/level1/level2/bar.html", result);
+ }
+
+
+ @Test
+ public void testBug53062g() throws Exception {
+ Request req = new TesterMockRequest();
+ Response resp = new Response();
+ resp.setRequest(req);
+
+ String result = resp.toAbsolute("bar.html?x=/../");
+
+ Assert.assertEquals(
+ "http://localhost:8080/level1/level2/bar.html?x=/../", result);
+ }
+
+
+ @Test
+ public void testBug53062h() throws Exception {
+ Request req = new TesterMockRequest();
+ Response resp = new Response();
+ resp.setRequest(req);
+
+ String result = resp.toAbsolute("bar.html?x=/../../");
+
+ Assert.assertEquals(
+ "http://localhost:8080/level1/level2/bar.html?x=/../../",
+ result);
+ }
+
+
+ @Test
+ public void testBug53062i() throws Exception {
+ Request req = new TesterMockRequest();
+ Response resp = new Response();
+ resp.setRequest(req);
+
+ String result = resp.toAbsolute("./.?x=/../../");
+
+ Assert.assertEquals(
+ "http://localhost:8080/level1/level2/?x=/../../",
+ result);
+ }
+
+
+ @Test
+ public void testBug53062j() throws Exception {
+ Request req = new TesterMockRequest();
+ Response resp = new Response();
+ resp.setRequest(req);
+
+ String result = resp.toAbsolute("./..?x=/../../");
+
+ Assert.assertEquals(
+ "http://localhost:8080/level1/?x=/../../",
+ result);
+ }
+
+
+ @Test
+ public void testBug53062k() throws Exception {
+ Request req = new TesterMockRequest();
+ Response resp = new Response();
+ resp.setRequest(req);
+
+ String result = resp.toAbsolute("./..?x=/../..");
+
+ Assert.assertEquals(
+ "http://localhost:8080/level1/?x=/../..",
+ result);
+ }
+
+
 private static final class Bug52811Servlet extends HttpServlet {
 private static final long
serialVersionUID = 1L;
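Review bot: None of the six new cases (testBug53062f to testBug53062k) puts a second `?` or a `#` in the redirect target, so the rule that only the first `?` ends the normalised path is not pinned by any test. A constructed case such as `Assert.assertEquals("http://localhost:8080/level1/level2/bar.html?x=/../?y=/./", resp.toAbsolute("bar.html?x=/../?y=/./"));` would cover it, and a fragment case would document what is expected for `#`. The six methods also repeat the same request/response setup; a private helper taking the input and the expected URL would leave one line per case and make the differences between them easier to see.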