remm 2003/03/15 03:37:05
Modified: coyote/src/java/org/apache/coyote/tomcat4 CoyoteAdapter.java
coyote/src/java/org/apache/coyote/tomcat5 CoyoteAdapter.java
Log:
- Return 400 for decoded URLs which don't start with '/'.
Revision Changes Path
1.16 +9 -4
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java
Index: CoyoteAdapter.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteAdapter.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- CoyoteAdapter.java 12 Mar 2003 07:41:04 -0000 1.15
+++ CoyoteAdapter.java 15 Mar 2003 11:37:05 -0000 1.16
@@ -498,6 +498,11 @@
return false;
}
+ // The URL must start with '/'
+ if (b[start] != (byte) '/') {
+ return false;
+ }
+
// Replace "//" with "/"
for (pos = start; pos < (end - 1); pos++) {
if ((b[pos] == (byte) '/') && (b[pos + 1] == (byte) '/')) {
1.15 +9 -4
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteAdapter.java
Index: CoyoteAdapter.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteAdapter.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- CoyoteAdapter.java 13 Mar 2003 10:05:10 -0000 1.14
+++ CoyoteAdapter.java 15 Mar 2003 11:37:05 -0000 1.15
@@ -467,6 +467,11 @@
return false;
}
+ // The URL must start with '/'
+ if (b[start] != (byte) '/') {
+ return false;
+ }
+
// Replace "//" with "/"
for (pos = start; pos < (end - 1); pos++) {
if ((b[pos] == (byte) '/') && (b[pos + 1] == (byte) '/')) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
