Author: markt Date: Sun Jul 29 20:33:16 2012 New Revision: 1366946 URL: http://svn.apache.org/viewvc?rev=1366946&view=rev Log: Partial fix for https://issues.apache.org/bugzilla/show_bug.cgi?id=53469 If the relative URL can't be made absolute, do not encode it and return it as is
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Response.java tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1366945
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Response.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Response.java?rev=1366946&r1=1366945&r2=1366946&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Response.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/connector/Response.java Sun Jul 29 20:33:16 2012
@@ -1242,7 +1242,14 @@ public class Response
 @Override
 public String encodeURL(String url) {
- String absolute = toAbsolute(url);
+ String absolute;
+ try {
+ absolute = toAbsolute(url);
+ } catch (IllegalArgumentException iae) {
+ // Relative URL
+ return url;
+ }
+
 if (isEncodeable(absolute)) {
 // W3c spec clearly said
 if (url.equalsIgnoreCase("")) {
@@ -1810,7 +1817,7 @@ public class Response
 if (index < 0) {
 break;
 }
- // Prevent from going outside our context
+ // Can't go above the server root
 if (index == startIndex) {
 throw new IllegalArgumentException();
 }
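Review bot: The new catch in `encodeURL` swallows every `IllegalArgumentException` raised by `toAbsolute(url)` and labels it only `// Relative URL`, which does not say why returning the input is the right outcome. The one throw visible in this commit (the `index == startIndex` branch in the `@@ -1810` hunk) carries no message, so the catch cannot tell a path that climbs above the server root from any other failure inside `toAbsolute`, whose remaining throw sites lie outside these hunks. Returning the URL without session rewriting is the conservative result, but the comment should state it, for example `// Could not be made absolute (e.g. climbs above the server root): return it unencoded, without URL rewriting`, and the bare throw would benefit from a message. The log calls this a partial fix; other callers of `toAbsolute` are not shown here and presumably still propagate the exception.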
@@ -1827,7 +1834,7 @@ public class Response
 index = index2;
 }
- // Add the query string (if present) back in
+ // Add the query string and/or fragment (if present) back in
 if (truncateCC != null) {
 try {
 cc.append(truncateCC, 0, truncateCC.length);
Modified: tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java?rev=1366946&r1=1366945&r2=1366946&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java (original)
+++ tomcat/tc7.0.x/trunk/test/org/apache/catalina/connector/TestResponse.java Sun Jul 29 20:33:16 2012
@@ -364,6 +364,30 @@ public class TestResponse extends Tomcat
 }
+ @Test
+ public void testBug53469a() throws Exception {
+ Request req = new TesterMockRequest();
+ Response resp = new Response();
+ resp.setRequest(req);
+
+ String result = resp.encodeURL("../bar.html");
+
+ Assert.assertEquals("../bar.html", result);
+ }
+
+
+ @Test
+ public void testBug53469b() throws Exception {
+ Request req = new TesterMockRequest();
+ Response resp = new Response();
+ resp.setRequest(req);
+
+ String result = resp.encodeURL("../../../../bar.html");
+
+ Assert.assertEquals("../../../../bar.html", result);
+ }
+
+
+
 private static final class Bug52811Servlet extends HttpServlet {
 private static final long serialVersionUID = 1L;
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1366946&r1=1366945&r2=1366946&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Sun Jul 29 20:33:16 2012
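Review bot: In TestResponse.java, `testBug53469a` and `testBug53469b` only assert that the input comes back unchanged, so they would also pass if `encodeURL` stopped encoding relative URLs altogether. With a bare `TesterMockRequest` there is presumably no session to encode, so neither test shows that a relative URL which can be resolved still goes through `isEncodeable` and is rewritten. A companion test with a resolvable relative URL and an active session would pin the other side of the change. If the mock cannot supply a session, a comment such as `// Before the fix this threw IllegalArgumentException` above each `encodeURL` call would at least record what is being checked.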
@@ -63,6 +63,13 @@ when request processing completes. (kkolinko) </fix> <fix> + <bug>53469</bug>: If a URL passed to + <code>javax.servlet.http.HttpServletResponse.encodeURL()</code> cannot + be made absolute, never encode it and return it unchanged. Previously, + the fix for <bug>53062</bug> meant than an + <code>IllegalArgumentException</code> was thrown. (markt) + </fix> + <fix> <bug>53498</bug>: Fix atomicity bugs in use of concurrent collections. Based on a patch by Yu Lin. (markt) </fix> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org