[tomcat] 01/04: Make all calls to URLDecode use an explicit character set

2020-03-16 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 3bb4e130fc1a44c24b6efcd23f6c4e23733f4eda
Author: Mark Thomas 
AuthorDate: Mon Mar 16 15:57:13 2020 +

Make all calls to URLDecode use an explicit character set
---
 java/org/apache/catalina/core/ApplicationContext.java | 3 ++-
 java/org/apache/catalina/loader/WebappLoader.java | 8 
 test/org/apache/catalina/util/TestRequestUtil.java| 4 ++--
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/java/org/apache/catalina/core/ApplicationContext.java 
b/java/org/apache/catalina/core/ApplicationContext.java
index 881d513..e76c54c 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -74,6 +74,7 @@ import org.apache.catalina.util.URLEncoder;
 import org.apache.naming.resources.DirContextURLStreamHandler;
 import org.apache.naming.resources.Resource;
 import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.CharChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
 import org.apache.tomcat.util.buf.UDecoder;
@@ -446,7 +447,7 @@ public class ApplicationContext implements ServletContext {
 
 if (getContext().getDispatchersUseEncodedPaths()) {
 // Decode
-String decodedUri = UDecoder.URLDecode(normalizedUri, 
StandardCharsets.UTF_8);
+String decodedUri = UDecoder.URLDecode(normalizedUri, 
B2CConverter.UTF_8);
 
 // Security check to catch attempts to encode /../ sequences
 normalizedUri = RequestUtil.normalize(decodedUri);
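Review bot: The `// Decode` comment above the changed call does not record why UTF-8 is fixed here, and the charset matters because the decoded string is exactly what `RequestUtil.normalize` inspects in the traversal check two lines later. I would extend it to something like `// Decode as UTF-8 so the /../ check below sees the same characters the dispatcher will act on`. Whether the rest of the dispatch path also assumes UTF-8 is not visible in this hunk, so that wording should be confirmed against the callers. The enclosing method starts and ends outside the hunk.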
diff --git a/java/org/apache/catalina/loader/WebappLoader.java 
b/java/org/apache/catalina/loader/WebappLoader.java
index d2d2751..b39e9c1 100644
--- a/java/org/apache/catalina/loader/WebappLoader.java
+++ b/java/org/apache/catalina/loader/WebappLoader.java
@@ -55,6 +55,7 @@ import org.apache.naming.resources.DirContextURLStreamHandler;
 import org.apache.naming.resources.DirContextURLStreamHandlerFactory;
 import org.apache.naming.resources.Resource;
 import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.UDecoder;
 import org.apache.tomcat.util.compat.JreCompat;
 import org.apache.tomcat.util.modeler.Registry;
@@ -1107,12 +1108,11 @@ public class WebappLoader extends LifecycleMBeanBase
 for (int i = 0; i < repositories.length; i++) {
 String repository = repositories[i].toString();
 if (repository.startsWith("file://"))
-repository = 
UDecoder.URLDecode(repository.substring(7));
+repository = 
UDecoder.URLDecode(repository.substring(7), B2CConverter.ISO_8859_1);
 else if (repository.startsWith("file:"))
-repository = 
UDecoder.URLDecode(repository.substring(5));
+repository = 
UDecoder.URLDecode(repository.substring(5), B2CConverter.ISO_8859_1);
 else if (repository.startsWith("jndi:"))
-repository =
-
servletContext.getRealPath(repository.substring(5));
+repository = 
servletContext.getRealPath(repository.substring(5));
 else
 continue;
 if (repository == null)
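Review bot: Both the `file://` and `file:` branches now decode with `B2CConverter.ISO_8859_1`, which turns any percent-encoded multi-byte UTF-8 sequence in a repository path into several Latin-1 characters, so a class-path entry under a non-ASCII directory would presumably no longer match the real path. If ISO-8859-1 is chosen only to keep the behaviour of the old one-argument overload, a comment should say so, e.g. `// ISO-8859-1 keeps the previous implicit default; UTF-8 escapes in paths are not handled`; otherwise UTF-8 looks like the more predictable choice for URL strings. The same applies to the matching WebappLoader hunk in the 8.5.x commit further down the page, which passes `StandardCharsets.ISO_8859_1`. The loop sits in a method that starts and ends outside the hunk.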
diff --git a/test/org/apache/catalina/util/TestRequestUtil.java 
b/test/org/apache/catalina/util/TestRequestUtil.java
index a566737..1974587 100644
--- a/test/org/apache/catalina/util/TestRequestUtil.java
+++ b/test/org/apache/catalina/util/TestRequestUtil.java
@@ -26,7 +26,7 @@ public class TestRequestUtil {
 // %n rather than %nn should throw an IAE according to the Javadoc
 Exception exception = null;
 try {
-RequestUtil.URLDecode("%5x");
+RequestUtil.URLDecode("%5x", "UTF-8");
 } catch (Exception e) {
 exception = e;
 }
@@ -35,7 +35,7 @@ public class TestRequestUtil {
 // Edge case trying to trigger ArrayIndexOutOfBoundsException
 exception = null;
 try {
-RequestUtil.URLDecode("%5");
+RequestUtil.URLDecode("%5", "UTF-8");
 } catch (Exception e) {
 exception = e;
 }





[tomcat] 01/04: Make all calls to URLDecode use an explicit character set

2020-03-16 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 8fcd0518d443ba67f76352adc2b28a62b4e8c460
Author: Mark Thomas 
AuthorDate: Mon Mar 16 15:57:13 2020 +

Make all calls to URLDecode use an explicit character set
---
 java/org/apache/catalina/loader/WebappLoader.java | 5 +++--
 test/org/apache/tomcat/util/buf/TestUDecoder.java | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/catalina/loader/WebappLoader.java 
b/java/org/apache/catalina/loader/WebappLoader.java
index 8ddf716..8d93226 100644
--- a/java/org/apache/catalina/loader/WebappLoader.java
+++ b/java/org/apache/catalina/loader/WebappLoader.java
@@ -25,6 +25,7 @@ import java.io.IOException;
 import java.lang.reflect.Constructor;
 import java.net.URL;
 import java.net.URLClassLoader;
+import java.nio.charset.StandardCharsets;
 
 import javax.management.ObjectName;
 import javax.servlet.ServletContext;
@@ -612,9 +613,9 @@ public class WebappLoader extends LifecycleMBeanBase
 for (int i = 0; i < repositories.length; i++) {
 String repository = repositories[i].toString();
 if (repository.startsWith("file://"))
-repository = 
UDecoder.URLDecode(repository.substring(7));
+repository = 
UDecoder.URLDecode(repository.substring(7), StandardCharsets.ISO_8859_1);
 else if (repository.startsWith("file:"))
-repository = 
UDecoder.URLDecode(repository.substring(5));
+repository = 
UDecoder.URLDecode(repository.substring(5), StandardCharsets.ISO_8859_1);
 else
 continue;
 if (repository == null)
diff --git a/test/org/apache/tomcat/util/buf/TestUDecoder.java 
b/test/org/apache/tomcat/util/buf/TestUDecoder.java
index d3264c2..ca7dd23 100644
--- a/test/org/apache/tomcat/util/buf/TestUDecoder.java
+++ b/test/org/apache/tomcat/util/buf/TestUDecoder.java
@@ -28,7 +28,7 @@ public class TestUDecoder {
 // %n rather than %nn should throw an IAE according to the Javadoc
 Exception exception = null;
 try {
-UDecoder.URLDecode("%5x");
+UDecoder.URLDecode("%5x", StandardCharsets.UTF_8);
 } catch (Exception e) {
 exception = e;
 }
@@ -37,7 +37,7 @@ public class TestUDecoder {
 // Edge case trying to trigger ArrayIndexOutOfBoundsException
 exception = null;
 try {
-UDecoder.URLDecode("%5");
+UDecoder.URLDecode("%5", StandardCharsets.UTF_8);
 } catch (Exception e) {
 exception = e;
 }

