jericho 2003/01/29 19:20:05 Modified: httpclient/src/java/org/apache/commons/httpclient URI.java Log: - Throw an parsing exception, when there is no more higher path level. Suggested by "Eric Johnson" <[EMAIL PROTECTED]> "Imagine, for example, that your client application follows a link in an HTML that generated this URL, and the file "g" actually exists on the server. Everything will appear to be operating correctly, but it is not." Reported by "Armando Anton" <[EMAIL PROTECTED]> Revision Changes Path 1.29 +28 -20 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/URI.java Index: URI.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/URI.java,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- URI.java 30 Jan 2003 00:08:42 -0000 1.28 +++ URI.java 30 Jan 2003 03:20:04 -0000 1.29 @@ -2801,8 +2801,10 @@ * @param base_path a character array of the base_path * @param rel_path a character array of the rel_path * @return the resolved path + * @exception URIException no more higher path level to be resolved */ - protected char[] resolvePath(char[] base_path, char[] rel_path) { + protected char[] resolvePath(char[] base_path, char[] rel_path) + throws URIException { // REMINDME: paths are never null String base = (base_path == null) ? "" : new String(base_path); @@ -3288,8 +3290,9 @@ * * @param path the path to normalize * @return the normalized path + * @exception URIException no more higher path level to be normalized */ - protected char[] normalize(char[] path) { + protected char[] normalize(char[] path) throws URIException { if (path == null) return null; @@ -3312,15 +3315,27 @@ normalized = normalized.substring(0, at) + normalized.substring(at + 2); } - // Resolve occurrences of "/../" in the normalized path while (true) { - int at = normalized.indexOf("/../"); + // Resolve occurrences of "//" in the normalized path + int at = normalized.indexOf("//"); + if (at != -1) { + normalized = normalized.substring(0, at) + + normalized.substring(at+ 1); + continue; + } + // Resolve occurrences of "/../" in the normalized path + at = normalized.indexOf("/../"); if (at == -1) { break; } if (at == 0) { - normalized = "/"; - break; + // no more higher path level to be normalized + if (!endsWithSlash && normalized.endsWith("/")) { + normalized = normalized.substring(0, normalized.length()-1); + } else if (endsWithSlash && !normalized.endsWith("/")) { + normalized = normalized + "/"; + } + throw new URIException(URIException.PARSING, new String(path)); } int backward = normalized.lastIndexOf('/', at - 1); if (backward == -1) { @@ -3331,15 +3346,6 @@ normalized.substring(at + 3); } } - // Resolve occurrences of "//" in the normalized path - while (true) { - int at = normalized.indexOf("//"); - if (at == -1) { - break; - } - normalized = normalized.substring(0, at) + - normalized.substring(at + 1); - } if (!endsWithSlash && normalized.endsWith("/")) { normalized = normalized.substring(0, normalized.length()-1); } else if (endsWithSlash && !normalized.endsWith("/")) { @@ -3352,8 +3358,10 @@ /** * Normalize the path part of this URI. + * + * @exception URIException no more higher path level to be normalized */ - public void normalize() { + public void normalize() throws URIException { _path = normalize(_path); }
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]