Author: markt
Date: Wed Jul 30 13:38:44 2008
New Revision: 681197

URL: http://svn.apache.org/viewvc?rev=681197&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=43079 and 
https://issues.apache.org/bugzilla/show_bug.cgi?id=43080
Move odd url-pattern warning to StandardContext so a) we catch all patterns and 
b) it isn't logged to the wrong webapp
Based on a patch by John Kew

Modified:
    
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/core/StandardContext.java
    
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/deploy/SecurityCollection.java
    tomcat/container/tc5.5.x/webapps/docs/changelog.xml
    tomcat/current/tc5.5.x/STATUS.txt

Modified: 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/core/StandardContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/core/StandardContext.java?rev=681197&r1=681196&r2=681197&view=diff
==============================================================================
--- 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/core/StandardContext.java
 (original)
+++ 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/core/StandardContext.java
 Wed Jul 30 13:38:44 2008
@@ -4837,20 +4837,38 @@
             
getLogger().warn(sm.getString("standardContext.crlfinurl",urlPattern));
         }
         if (urlPattern.startsWith("*.")) {
-            if (urlPattern.indexOf('/') < 0)
+            if (urlPattern.indexOf('/') < 0) {
+                checkUnusualURLPattern(urlPattern);
                 return (true);
-            else
+            } else
                 return (false);
         }
         if ( (urlPattern.startsWith("/")) &&
-                (urlPattern.indexOf("*.") < 0))
+                (urlPattern.indexOf("*.") < 0)) {
+            checkUnusualURLPattern(urlPattern);
             return (true);
-        else
+        } else
             return (false);
 
     }
 
 
+    /**
+     * Check for unusual but valid <code>&lt;url-pattern&gt;</code>s.
+     * See Bugzilla 34805, 43079 & 43080
+     */
+    private void checkUnusualURLPattern(String urlPattern) {
+        if (log.isInfoEnabled()) {
+            if(urlPattern.endsWith("*") && (urlPattern.length() < 2 ||
+                    urlPattern.charAt(urlPattern.length()-2) != '/')) {
+                log.info("Suspicious url pattern: \"" + urlPattern + "\"" +
+                        " in context [" + getName() + "] - see" +
+                        " section SRV.11.2 of the Servlet specification" );
+            }
+        }
+    }
+
+
     // ------------------------------------------------------------- Operations
 
 
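Review bot: checkUnusualURLPattern reports through `log` at info level, while the validation code directly above it in this hunk reports through `getLogger().warn(...)`; the declaration of `log` is outside the hunk, but if it is the class-wide logger rather than the per-context one, the message may still not reach the web application's own log, which is the point of bug 43080. I would use `if (getLogger().isWarnEnabled())` and `getLogger().warn(...)` here. A pattern ending in `*` without a preceding `/` is matched only exactly under SRV.11.2, and the removed check lived in SecurityCollection, so this presumably covers security-constraint patterns, where such a pattern leaves the intended paths unprotected and should not be easy to miss at a quieter log level. The message is also built by string concatenation rather than an `sm.getString(...)` key like the neighbouring CR/LF warning. The enclosing validation method starts above the hunk.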

Modified: 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/deploy/SecurityCollection.java
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/deploy/SecurityCollection.java?rev=681197&r1=681196&r2=681197&view=diff
==============================================================================
--- 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/deploy/SecurityCollection.java
 (original)
+++ 
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/deploy/SecurityCollection.java
 Wed Jul 30 13:38:44 2008
@@ -21,9 +21,6 @@
 
 import org.apache.catalina.util.RequestUtil;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 import java.io.Serializable;
 
 
@@ -44,9 +41,6 @@
 
 public class SecurityCollection implements Serializable {
 
-    private static Log log = LogFactory.getLog(SecurityCollection.class);
-
-
     // ----------------------------------------------------------- Constructors
 
 
@@ -188,17 +182,6 @@
         if (pattern == null)
             return;
 
-        // Bugzilla 34805: add friendly warning.
-        if(pattern.endsWith("*")) {
-          if (pattern.charAt(pattern.length()-1) != '/') {
-            if (log.isDebugEnabled()) {
-              log.warn("Suspicious url pattern: \"" + pattern + "\"" +
-                       " - see 
http://java.sun.com/aboutJava/communityprocess/first/jsr053/servlet23_PFD.pdf"; +
-                       "  section 11.2" );
-            }
-          }
-        }
-
         pattern = RequestUtil.URLDecode(pattern);
         String results[] = new String[patterns.length + 1];
         for (int i = 0; i < patterns.length; i++) {

Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=681197&r1=681196&r2=681197&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Wed Jul 30 13:38:44 2008
@@ -54,6 +54,14 @@
         context.xml files. (markt)
       </fix>
       <fix>
+        <bug>43079</bug>: Correct pattern verification for suspicious URLs.
+        Patch provided by John Kew. (markt)
+      </fix>
+      <fix>
+        <bug>43080</bug>: Log suspicious URL pattern warnings to the correct
+        web application. (markt)
+      </fix>
+      <fix>
         <bug>43117</bug>: Setting an empty workDIR could delete all of
         CATALINA_HOME. Patch provided by Takayuki Kaneko. (markt)
       </fix>

Modified: tomcat/current/tc5.5.x/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/current/tc5.5.x/STATUS.txt?rev=681197&r1=681196&r2=681197&view=diff
==============================================================================
--- tomcat/current/tc5.5.x/STATUS.txt (original)
+++ tomcat/current/tc5.5.x/STATUS.txt Wed Jul 30 13:38:44 2008
@@ -86,15 +86,6 @@
   +1: markt, yoavs
   -1: 
 
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=43079
-  and https://issues.apache.org/bugzilla/show_bug.cgi?id=43080
-  http://svn.apache.org/viewvc?rev=653195&view=rev
-  Move odd url-pattern warning to StandardContext so a) we catch all patterns
-  and b) it isn't logged to the wrong webapp
-  Based on a patch by John Kew
-  +1: markt, fhanik, yoavs
-  -1: 
-
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=44021
   and https://issues.apache.org/bugzilla/show_bug.cgi?id=43013
   Add support for # to signify multi-level contexts for directories and


