Author: olegk Date: Sat Jun 10 03:36:20 2006 New Revision: 413281 URL: http://svn.apache.org/viewvc?rev=413281&view=rev Log: [HTTPCLIENT-494] Invalid redirects are not corrected
Changelog: Invalid redirect location now causes a protocol exception Contributed by Ortwin Glück and Oleg Kalnichevski Reviewed by Roland Weber Added: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java (with props) Modified: jakarta/commons/proper/httpclient/trunk/release_notes.txt jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/URI.java jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestRedirects.java jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestURI.java Modified: jakarta/commons/proper/httpclient/trunk/release_notes.txt URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/release_notes.txt?rev=413281&r1=413280&r2=413281&view=diff ============================================================================== --- jakarta/commons/proper/httpclient/trunk/release_notes.txt (original) +++ jakarta/commons/proper/httpclient/trunk/release_notes.txt Sat Jun 10 03:36:20 2006 
@@ -1,5 +1,8 @@ Changes toward 3.1 + * [HTTPCLIENT-494] - Invalid redirect location now causes a protocol exception + Contributed by Oleg Kalnichevski <olegk at apache.org> + * [HTTPCLIENT-582] - Allow access to registered cookie policies Contributed by Sebastian Bazley <sebb at apache.org> Modified: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java?rev=413281&r1=413280&r2=413281&view=diff ============================================================================== --- jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java (original) +++ jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/HttpMethodDirector.java Sat Jun 10 03:36:20 2006 @@ -611,9 +611,9 @@ } method.setURI(redirectUri); hostConfiguration.setHost(redirectUri); - } catch (URIException e) { - LOG.warn("Redirected location '" + location + "' is malformed"); - return false; + } catch (URIException ex) { + throw new InvalidRedirectLocationException( + "Invalid redirect location: " + location, location, ex); } if (this.params.isParameterFalse(HttpClientParams.ALLOW_CIRCULAR_REDIRECTS)) { Added: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java?rev=413281&view=auto ============================================================================== --- jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java (added) +++ jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java Sat Jun 10 03:36:20 2006 
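Review bot: The new `throw` in the `catch (URIException ex)` block copies the server-supplied `location` verbatim into the exception message, so any caller that logs or displays `getMessage()` will emit text chosen by the remote server, including whatever control characters or query-string tokens it contains. Since the raw value is already carried separately, I would keep the message generic, `throw new InvalidRedirectLocationException("Invalid redirect location", location, ex);`, and let callers fetch and sanitize `getLocation()` deliberately. The change also replaces a quiet `return false` with an exception and drops the `LOG.warn`. The enclosing method starts and ends outside the hunk, so its Javadoc should be checked for a matching `@throws` line.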
@@ -0,0 +1,73 @@
+/*
+ * $HeadRL$
+ * $Revision$
+ * $Date$
+ *
+ * ====================================================================
+ *
+ * Copyright 1999-2006 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.commons.httpclient;
+
+/**
+ * Signals violation of HTTP specification caused by an invalid redirect
+ * location
+ *
+ * @author <a href="mailto:oleg at ural.ru">Oleg Kalnichevski</a>
+ *
+ * @since 3.1
+ */
+public class InvalidRedirectLocationException extends RedirectException {
+
+ private final String location;
+
+ /**
+ * Creates a new InvalidRedirectLocationException with the specified detail message.
+ *
+ * @param message the exception detail message
+ * @param location redirect location
+ */
+ public InvalidRedirectLocationException(final String message, final String location) {
+ super(message);
+ this.location = location;
+ }
+
+ /**
+ * Creates a new RedirectException with the specified detail message and cause.
+ *
+ * @param message the exception detail message
+ * @param location redirect location
+ * @param cause the <tt>Throwable</tt> that caused this exception, or <tt>null</tt>
+ * if the cause is unavailable, unknown, or not a <tt>Throwable</tt>
+ */
+ public InvalidRedirectLocationException(final String message, final String location,
+ final Throwable cause) {
+ super(message, cause);
+ this.location = location;
+ }
+
+ public String getLocation() {
+ return this.location;
+ }
+
+}
Propchange: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Propchange: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/InvalidRedirectLocationException.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/URI.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/URI.java?rev=413281&r1=413280&r2=413281&view=diff
==============================================================================
--- jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/URI.java (original)
+++ jakarta/commons/proper/httpclient/trunk/src/java/org/apache/commons/httpclient/URI.java Sat Jun 10 03:36:20 2006
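Review bot: `getLocation()` has no Javadoc, and what it returns is the redirect target exactly as the server sent it, which callers should treat as untrusted input. I would add `/** Returns the redirect location as received from the server; the value is not validated or sanitized. */` above it. The second constructor's Javadoc says "Creates a new RedirectException" and should name `InvalidRedirectLocationException`. The file header reads `$HeadRL$`, which will not expand under the `svn:keywords` property set for this file (it lists `HeadURL`); it should be `$HeadURL$`.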
@@ -1,5 +1,5 @@ /* - * $Header: /home/jerenkrantz/tmp/commons/commons-convert/cvs/home/cvs/jakarta-commons//httpclient/src/java/org/apache/commons/httpclient/URI.java,v 1.47 2004/05/13 04:03:25 mbecke Exp $ + * $HeadURL$ * $Revision$ * $Date$ * @@ -2010,10 +2010,11 @@ _path = null; } } + String s = tmp.substring(from, next); if (escaped) { - setRawPath(tmp.substring(from, next).toCharArray()); + setRawPath(s.toCharArray()); } else { - setPath(tmp.substring(from, next)); + setPath(s); } at = next; } @@ -2034,8 +2035,14 @@ if (next == -1) { next = tmp.length(); } - _query = (escaped) ? tmp.substring(at + 1, next).toCharArray() - : encode(tmp.substring(at + 1, next), allowed_query, charset); + if (escaped) { + _query = tmp.substring(at + 1, next).toCharArray(); + if (!validate(_query, uric)) { + throw new URIException("Invalid query"); + } + } else { + _query = encode(tmp.substring(at + 1, next), allowed_query, charset); + } at = next; } 
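Review bot: The new `throw new URIException("Invalid query")` uses the message-only constructor, so `getReasonCode()` will presumably report the unknown code and callers cannot tell a parse failure from any other error. The same applies to `throw new URIException("Invalid authority")` in the later hunk at -2215. If the rest of URI.java uses the reason-code form, I would write `throw new URIException(URIException.PARSING, "Invalid query");` and likewise for the authority. Both checks run only when `escaped` is true, and the hunks do not show whether the fragment gets an equivalent check. The enclosing methods start and end outside the hunks, so that is worth confirming in the full file.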
@@ -2215,8 +2222,14 @@ _is_server = _is_hostname = _is_IPv4address = _is_IPv6reference = false; // set a registry-based naming authority - _authority = (escaped) ? original.toString().toCharArray() - : encode(original.toString(), allowed_reg_name, charset); + if (escaped) { + _authority = original.toString().toCharArray(); + if (!validate(_authority, reg_name)) { + throw new URIException("Invalid authority"); + } + } else { + _authority = encode(original.toString(), allowed_reg_name, charset); + } } else { if (original.length() - 1 > next && hasPort && original.charAt(next) == ':') { // not empty Modified: jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestRedirects.java URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestRedirects.java?rev=413281&r1=413280&r2=413281&view=diff ============================================================================== --- jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestRedirects.java (original) +++ jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestRedirects.java Sat Jun 10 03:36:20 2006 
@@ -426,6 +426,22 @@ } } + public void testRejectInvalidRedirectLocation() throws IOException { + String host = this.server.getLocalAddress(); + int port = this.server.getLocalPort(); + this.server.setHttpService(new BogusRedirectService("http://"+ host +":"+ port +"/newlocation/?p=I have spaces")); + GetMethod httpget = new GetMethod("/oldlocation/"); + httpget.setFollowRedirects(true); + try { + this.client.executeMethod(httpget); + fail("InvalidRedirectLocationException should have been thrown"); + } catch (InvalidRedirectLocationException e) { + //expected a protocol exception + } finally { + httpget.releaseConnection(); + } + } + public void testCrossSiteRedirect() throws IOException { String host = this.server.getLocalAddress(); int port = this.server.getLocalPort(); Modified: jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestURI.java URL: http://svn.apache.org/viewvc/jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestURI.java?rev=413281&r1=413280&r2=413281&view=diff ============================================================================== --- jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestURI.java (original) +++ jakarta/commons/proper/httpclient/trunk/src/test/org/apache/commons/httpclient/TestURI.java Sat Jun 10 03:36:20 2006 
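Review bot: `testRejectInvalidRedirectLocation` only checks that the exception type is thrown; its `catch` block never verifies that the exception carries the offending value. Adding `assertEquals("http://" + host + ":" + port + "/newlocation/?p=I have spaces", e.getLocation());` inside the catch would pin the new `getLocation()` contract, which is the only way callers can inspect the rejected header.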
@@ -258,4 +258,24 @@ assertEquals("/test+test", url.getPath()); } + public void testVariousCharacters() throws Exception { + verifyInvalidURI("http://authority:123/path/path?query&name=val ue"); + verifyInvalidURI("http://authority:123/path/path?query&na me=value"); + verifyInvalidURI("http://authority:123/path/path?qu ery&name=value"); + verifyInvalidURI("http://authority:123/path/pa th?query&name=value"); + verifyInvalidURI("http://authority:123/pa th/path?query&name=value"); + verifyInvalidURI("http://authority:12 3/path/path?query&name=value"); + verifyInvalidURI("http://autho rity:123/path/path?query&name=value"); + verifyInvalidURI("htt p://authority:123/path/path?query&name=value"); + } + + private void verifyInvalidURI(String uri) { + try { + new URI(uri, true); + fail("should have thrown URIException"); + } catch(URIException e) { + /* expected */ + } + } + } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
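Review bot: `testVariousCharacters` exercises only an unescaped space in each component, so the name overstates its coverage. The new `validate` calls are not tested against other characters that RFC 2396 excludes, such as control characters, `<`, `>` or `"`. There is also no positive case showing that a correctly escaped value is still accepted with `escaped` set, e.g. `new URI("http://authority:123/path/path?query&name=val%20ue", true);`. `verifyInvalidURI` would be easier to diagnose with the input in the failure message: `fail("should have thrown URIException for: " + uri);`.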