This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new 550af3c Ensure URL patterns provided via web.xml are %nn decoded consistently 550af3c is described below commit 550af3c7d6f3b278a41bc14244fddac20b67d77b Author: Mark Thomas <ma...@apache.org> AuthorDate: Mon Mar 16 14:46:50 2020 +0000 Ensure URL patterns provided via web.xml are %nn decoded consistently Use the encoding of the web.xml file where specified and UTF-8 where no explicit encoding is specified. --- .../tomcat/util/descriptor/web/ErrorPage.java | 8 ++-- .../tomcat/util/descriptor/web/FilterMap.java | 2 +- .../tomcat/util/descriptor/web/LoginConfig.java | 9 ++--- .../util/descriptor/web/SecurityCollection.java | 8 ++-- .../util/descriptor/web/SecurityConstraint.java | 10 +++++ .../apache/tomcat/util/descriptor/web/WebXml.java | 3 ++ .../tomcat/util/descriptor/web/TestWebXml.java | 43 ++++++++++++++++++++++ webapps/docs/changelog.xml | 9 +++++ 8 files changed, 77 insertions(+), 15 deletions(-) diff --git a/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java b/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java index f55dc5a..bf0920d 100644 --- a/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java +++ b/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java @@ -27,12 +27,12 @@ import org.apache.tomcat.util.buf.UDecoder; * * @author Craig R. McClanahan */ -public class ErrorPage implements Serializable { +public class ErrorPage extends XmlEncodingBase implements Serializable { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = 2L; - // ----------------------------------------------------- Instance Variables + // ----------------------------------------------------- Instance Variables /** * The error (status) code for which this error page is active. Note that @@ -125,7 +125,7 @@ public class ErrorPage implements Serializable { // if ((location == null) || !location.startsWith("/")) // throw new IllegalArgumentException // ("Error Page Location must start with a '/'"); - this.location = UDecoder.URLDecode(location); + this.location = UDecoder.URLDecode(location, getCharset()); } diff --git a/java/org/apache/tomcat/util/descriptor/web/FilterMap.java b/java/org/apache/tomcat/util/descriptor/web/FilterMap.java index 5ece6a0..a8d6b89 100644 --- a/java/org/apache/tomcat/util/descriptor/web/FilterMap.java +++ b/java/org/apache/tomcat/util/descriptor/web/FilterMap.java @@ -135,7 +135,7 @@ public class FilterMap extends XmlEncodingBase implements Serializable { } else { String[] results = new String[urlPatterns.length + 1]; System.arraycopy(urlPatterns, 0, results, 0, urlPatterns.length); - results[urlPatterns.length] = UDecoder.URLDecode(urlPattern); + results[urlPatterns.length] = UDecoder.URLDecode(urlPattern, getCharset()); urlPatterns = results; } } diff --git a/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java b/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java index e1c6952..053eb80 100644 --- a/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java +++ b/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java @@ -27,15 +27,14 @@ import org.apache.tomcat.util.buf.UDecoder; * * @author Craig R. McClanahan */ -public class LoginConfig implements Serializable { +public class LoginConfig extends XmlEncodingBase implements Serializable { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = 2L; // ----------------------------------------------------------- Constructors - /** * Construct a new LoginConfig with default properties. */ @@ -97,7 +96,7 @@ public class LoginConfig implements Serializable { // if ((errorPage == null) || !errorPage.startsWith("/")) // throw new IllegalArgumentException // ("Error Page resource path must start with a '/'"); - this.errorPage = UDecoder.URLDecode(errorPage); + this.errorPage = UDecoder.URLDecode(errorPage, getCharset()); } @@ -114,7 +113,7 @@ public class LoginConfig implements Serializable { // if ((loginPage == null) || !loginPage.startsWith("/")) // throw new IllegalArgumentException // ("Login Page resource path must start with a '/'"); - this.loginPage = UDecoder.URLDecode(loginPage); + this.loginPage = UDecoder.URLDecode(loginPage, getCharset()); } diff --git a/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java b/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java index 45951bd..73b7a68 100644 --- a/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java +++ b/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java @@ -18,6 +18,7 @@ package org.apache.tomcat.util.descriptor.web; import java.io.Serializable; import java.nio.charset.StandardCharsets; +import java.util.Arrays; import org.apache.tomcat.util.buf.UDecoder; @@ -209,11 +210,8 @@ public class SecurityCollection extends XmlEncodingBase implements Serializable if (pattern == null) return; - String decodedPattern = UDecoder.URLDecode(pattern); - String results[] = new String[patterns.length + 1]; - for (int i = 0; i < patterns.length; i++) { - results[i] = patterns[i]; - } + String decodedPattern = UDecoder.URLDecode(pattern, getCharset()); + String[] results = Arrays.copyOf(patterns, patterns.length + 1); results[patterns.length] = decodedPattern; patterns = results; } diff --git a/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java b/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java index fc6b41c..08ec6d1 100644 --- a/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java +++ b/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java @@ -17,6 +17,7 @@ package org.apache.tomcat.util.descriptor.web; import java.io.Serializable; +import java.nio.charset.Charset; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -269,6 +270,15 @@ public class SecurityConstraint extends XmlEncodingBase implements Serializable } + @Override + public void setCharset(Charset charset) { + super.setCharset(charset); + for (SecurityCollection collection : collections) { + collection.setCharset(getCharset()); + } + } + + /** * Add a new web resource collection to those protected by this * security constraint. diff --git a/java/org/apache/tomcat/util/descriptor/web/WebXml.java b/java/org/apache/tomcat/util/descriptor/web/WebXml.java index 42d1d75..eaae0e0 100644 --- a/java/org/apache/tomcat/util/descriptor/web/WebXml.java +++ b/java/org/apache/tomcat/util/descriptor/web/WebXml.java @@ -293,6 +293,7 @@ public class WebXml extends XmlEncodingBase implements DocumentProperties.Encodi private final Set<FilterMap> filterMaps = new LinkedHashSet<>(); private final Set<String> filterMappingNames = new HashSet<>(); public void addFilterMapping(FilterMap filterMap) { + filterMap.setCharset(getCharset()); filterMaps.add(filterMap); filterMappingNames.add(filterMap.getFilterName()); } @@ -394,6 +395,7 @@ public class WebXml extends XmlEncodingBase implements DocumentProperties.Encodi // error-page private final Map<String,ErrorPage> errorPages = new HashMap<>(); public void addErrorPage(ErrorPage errorPage) { + errorPage.setCharset(getCharset()); errorPages.put(errorPage.getName(), errorPage); } public Map<String,ErrorPage> getErrorPages() { return errorPages; } @@ -437,6 +439,7 @@ public class WebXml extends XmlEncodingBase implements DocumentProperties.Encodi // Digester will check there is only one of these private LoginConfig loginConfig = null; public void setLoginConfig(LoginConfig loginConfig) { + loginConfig.setCharset(getCharset()); this.loginConfig = loginConfig; } public LoginConfig getLoginConfig() { return loginConfig; } diff --git a/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java b/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java index a6db7ab..681c99b 100644 --- a/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java +++ b/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java @@ -19,6 +19,8 @@ package org.apache.tomcat.util.descriptor.web; import java.io.File; import java.io.IOException; import java.io.StringReader; +import java.nio.charset.StandardCharsets; +import java.util.Collection; import java.util.HashSet; import java.util.Map; import java.util.Set; @@ -470,4 +472,45 @@ public class TestWebXml { webxml.merge(fragments); } + + + @Test + public void testEncoding() { + WebXml webXml = new WebXml(); + webXml.setCharset(StandardCharsets.ISO_8859_1); + + webXml.addErrorPage(new ErrorPage()); + Collection<ErrorPage> errorPages = webXml.getErrorPages().values(); + for (ErrorPage errorPage : errorPages) { + Assert.assertEquals(StandardCharsets.ISO_8859_1, errorPage.getCharset()); + } + + webXml.addFilterMapping(new FilterMap()); + Set<FilterMap> filterMaps = webXml.getFilterMappings(); + for (FilterMap filterMap : filterMaps) { + Assert.assertEquals(StandardCharsets.ISO_8859_1, filterMap.getCharset()); + } + + webXml.addJspPropertyGroup(new JspPropertyGroup()); + Set<JspPropertyGroup> jspPropertyGroups = webXml.getJspPropertyGroups(); + for (JspPropertyGroup jspPropertyGroup : jspPropertyGroups) { + Assert.assertEquals(StandardCharsets.ISO_8859_1, jspPropertyGroup.getCharset()); + } + + webXml.setLoginConfig(new LoginConfig()); + LoginConfig loginConfig = webXml.getLoginConfig(); + Assert.assertEquals(StandardCharsets.ISO_8859_1, loginConfig.getCharset()); + + SecurityConstraint constraint = new SecurityConstraint(); + constraint.addCollection(new SecurityCollection()); + webXml.addSecurityConstraint(constraint); + Set<SecurityConstraint> securityConstraints = webXml.getSecurityConstraints(); + for (SecurityConstraint securityConstraint : securityConstraints) { + Assert.assertEquals(StandardCharsets.ISO_8859_1, securityConstraint.getCharset()); + for (SecurityCollection securityCollection : securityConstraint.findCollections()) { + Assert.assertEquals(StandardCharsets.ISO_8859_1, securityCollection.getCharset()); + } + } + + } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 4666378..2fc7df9 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -45,6 +45,15 @@ issues do not "pop up" wrt. others). --> <section name="Tomcat 8.5.54 (markt)" rtext="in development"> + <subsection name="Catalina"> + <changelog> + <fix> + Ensure all URL patterns provided via web.xml are %nn decoded + consistently using the encoding of the web.xml file where specified and + UTF-8 where no explicit encoding is specified. (markt) + </fix> + </changelog> + </subsection> <subsection name="Coyote"> <changelog> <add> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org