Author: markt
Date: Sun Jul 29 20:33:16 2012
New Revision: 1366946

URL: http://svn.apache.org/viewvc?rev=1366946&view=rev
Log:
Partial fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
If the relative URL can't be made absolute, do not encode it and return it as is

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Response.java
    tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1366945

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Response.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Response.java?rev=1366946&r1=1366945&r2=1366946&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Response.java 
(original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Response.java Sun 
Jul 29 20:33:16 2012
@@ -1242,7 +1242,14 @@ public class Response
     @Override
     public String encodeURL(String url) {
 
-        String absolute = toAbsolute(url);
+        String absolute;
+        try {
+            absolute = toAbsolute(url);
+        } catch (IllegalArgumentException iae) {
+            // Relative URL
+            return url;
+        }
+
         if (isEncodeable(absolute)) {
             // W3c spec clearly said
             if (url.equalsIgnoreCase("")) {
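Review bot: The `// Relative URL` comment in the new catch block does not say why the exception occurs or why returning early is safe; going by the comment on the throw in the next hunk, toAbsolute() raises IllegalArgumentException when the path climbs above the server root, not for every relative URL. I would replace it with `// URL cannot be made absolute (e.g. climbs above the server root): return it unencoded so no session ID is attached`. The catch also swallows any other IllegalArgumentException that toAbsolute() may throw, and the throw site carries no message, so a debug-level log here would help diagnose malformed input. encodeURL continues past the end of the hunk, and since the log calls this a partial fix, encodeRedirectURL presumably needs the same guard if it calls toAbsolute() as well.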
@@ -1810,7 +1817,7 @@ public class Response
             if (index < 0) {
                 break;
             }
-            // Prevent from going outside our context
+            // Can't go above the server root
             if (index == startIndex) {
                 throw new IllegalArgumentException();
             }
@@ -1827,7 +1834,7 @@ public class Response
             index = index2;
         }
 
-        // Add the query string (if present) back in
+        // Add the query string and/or fragment (if present) back in
         if (truncateCC != null) {
             try {
                 cc.append(truncateCC, 0, truncateCC.length);

Modified: 
tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java?rev=1366946&r1=1366945&r2=1366946&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java 
(original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java 
Sun Jul 29 20:33:16 2012
@@ -364,6 +364,30 @@ public class TestResponse extends Tomcat
     }
 
 
+    @Test
+    public void testBug53469a() throws Exception {
+        Request req = new TesterMockRequest();
+        Response resp = new Response();
+        resp.setRequest(req);
+
+        String result = resp.encodeURL("../bar.html");
+
+        Assert.assertEquals("../bar.html", result);
+    }
+
+
+    @Test
+    public void testBug53469b() throws Exception {
+        Request req = new TesterMockRequest();
+        Response resp = new Response();
+        resp.setRequest(req);
+
+        String result = resp.encodeURL("../../../../bar.html");
+
+        Assert.assertEquals("../../../../bar.html", result);
+    }
+
+
     private static final class Bug52811Servlet extends HttpServlet {
         private static final long serialVersionUID = 1L;
 
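Review bot: Both new tests only pin that the input comes back unchanged, and nothing in them says which path through encodeURL they exercise; whether `../bar.html` actually climbs above the root depends on the request URI that TesterMockRequest reports, which is not visible here. A one-line comment on each, e.g. `// climbs above the server root relative to the mock request URI, so must be returned unencoded`, would make the intent reviewable. If encodeRedirectURL shares toAbsolute(), a matching pair of tests for it would keep the two methods from diverging.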

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1366946&r1=1366945&r2=1366946&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sun Jul 29 20:33:16 2012
@@ -63,6 +63,13 @@
         when request processing completes. (kkolinko)
       </fix>
       <fix>
+        <bug>53469</bug>: If a URL passed to
+        <code>javax.servlet.http.HttpServletResponse.encodeURL()</code> cannot
+        be made absolute, never encode it and return it unchanged. Previously,
+        the fix for <bug>53062</bug> meant than an
+        <code>IllegalArgumentException</code> was thrown. (markt)
+      </fix>
+      <fix>
         <bug>53498</bug>: Fix atomicity bugs in use of concurrent collections.
         Based on a patch by Yu Lin. (markt)
       </fix>


