This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 408f6da609 Align escaping ExtendedAccessLogValve with the other
implementations
408f6da609 is described below
commit 408f6da609d4353d8f3a520231dce7f8358fd545
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Apr 8 12:23:07 2026 +0100
Align escaping ExtendedAccessLogValve with the other implementations
---
.../catalina/valves/ExtendedAccessLogValve.java | 31 +++++++++++++++-------
webapps/docs/changelog.xml | 4 +++
2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
index a0c70a499d..fe9a285df4 100644
--- a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
+++ b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
@@ -593,21 +593,34 @@ public class ExtendedAccessLogValve extends
AccessLogValve {
return new RequestURIElement();
} else if ("query".equals(token)) {
return (buf, request, res, l) -> {
- String query = request.getQueryString();
- if (query != null) {
- buf.append(query);
- } else {
+ String query = null;
+ if (request != null) {
+ query = request.getQueryString();
+ }
+ if (query == null) {
buf.append('-');
+ } else if (query.isEmpty()) {
+ // NO-OP
+ // Don't want to write "-" if the query string
is present but empty
+ } else {
+ escapeAndAppend(query, buf, true);
}
};
}
} else {
return (buf, request, res, l) -> {
- String query = request.getQueryString();
- buf.append(request.getRequestURI());
- if (query != null) {
- buf.append('?');
- buf.append(request.getQueryString());
+ if (request != null) {
+ escapeAndAppend(request.getRequestURI(), buf);
+ String query = request.getQueryString();
+ if (query != null) {
+ buf.append('?');
+ // Don't want to write "-" if the query string
is present but empty
+ if (!query.isEmpty()) {
+ buf.append(request.getQueryString());
+ }
+ }
+ } else {
+ buf.append('-');
}
};
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 41ea360c95..d29a32f0c7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -199,6 +199,10 @@
could appear in the access log rather than <code>?</code> when the
query
string was present but empty. (markt)
</fix>
+ <fix>
+ Align the escaping in <code>ExtendedAccessLogValve</code> with the
other
+ <code>AccessLogValve</code> implementations. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
