Author: remm Date: Thu Jul 27 08:03:46 2006 New Revision: 426096 URL: http://svn.apache.org/viewvc?rev=426096&view=rev Log: - Backport. - Allow ';' in the URL if properly %xx encoded.
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java tomcat/container/tc5.5.x/webapps/docs/changelog.xml
Modified: tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java?rev=426096&r1=426095&r2=426096&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java (original)
+++ tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/CoyoteAdapter.java Thu Jul 27 08:03:46 2006
@@ -205,11 +205,21 @@ req.serverName().setString(proxyName); } + // Parse session Id + parseSessionId(req, request); + // URI decoding MessageBytes decodedURI = req.decodedURI(); decodedURI.duplicate(req.requestURI()); if (decodedURI.getType() == MessageBytes.T_BYTES) { + // Remove any path parameters + ByteChunk uriBB = decodedURI.getByteChunk(); + int semicolon = uriBB.indexOf(';', 0); + if (semicolon > 0) { + decodedURI.setBytes + (uriBB.getBuffer(), uriBB.getStart(), semicolon); + } // %xx decoding of the URL try { req.getURLDecoder().convert(decodedURI, false);
@@ -231,6 +241,13 @@ // protocol handler, we have to assume the URL has been properly // decoded already decodedURI.toChars(); + // Remove any path parameters + CharChunk uriCC = decodedURI.getCharChunk(); + int semicolon = uriCC.indexOf(';'); + if (semicolon > 0) { + decodedURI.setChars + (uriCC.getBuffer(), uriCC.getStart(), semicolon); + } } // Set the remote principal
@@ -245,9 +262,6 @@ request.setAuthType(authtype); } - // Parse session Id - parseSessionId(req, request); - // Remove any remaining parameters (other than session id, which has // already been removed in parseSessionId()) from the URI, so they // won't be considered by the mapping algorithm.
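Review bot: The path-parameter stripping added in the `T_BYTES` branch cuts `decodedURI` at the first `;`, so every path segment after that point is discarded too, not only the parameter; a constructed example such as `/a;x=1/b` would be left as `/a`. The trailing comment in the `@@ -245,9 +262,6 @@` hunk suggests this URI feeds the mapping algorithm, so the mapped path and the original request URI (presumably still readable by the application) can disagree, which matters for any access decision keyed on the path. The same truncation is added for the char case in the `@@ -231,6 +241,13 @@` hunk. I would document it at both sites, e.g. `// NOTE: truncates at the first ';' - any later path segments are dropped as well`, and add a test with a `;` in a non-final segment. The enclosing method starts and ends outside these hunks.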
@@ -332,49 +346,35 @@ */ protected void parseSessionId(org.apache.coyote.Request req, Request request) { - CharChunk uriCC = req.decodedURI().getCharChunk(); - int semicolon = uriCC.indexOf(match, 0, match.length(), 0); + ByteChunk uriBC = req.requestURI().getByteChunk(); + int semicolon = uriBC.indexOf(match, 0, match.length(), 0); if (semicolon > 0) { // Parse session ID, and extract it from the decoded request URI - int start = uriCC.getStart(); - int end = uriCC.getEnd(); + int start = uriBC.getStart(); + int end = uriBC.getEnd(); - int sessionIdStart = start + semicolon + match.length(); - int semicolon2 = uriCC.indexOf(';', sessionIdStart); + int sessionIdStart = semicolon + match.length(); + int semicolon2 = uriBC.indexOf(';', sessionIdStart); if (semicolon2 >= 0) { request.setRequestedSessionId - (new String(uriCC.getBuffer(), sessionIdStart, - semicolon2 - semicolon - match.length())); + (new String(uriBC.getBuffer(), start + sessionIdStart, + semicolon2 - sessionIdStart)); + // Extract session ID from request URI + byte[] buf = uriBC.getBuffer(); + for (int i = 0; i < end - start - semicolon2; i++) { + buf[start + semicolon + i] + = buf[start + i + semicolon2]; + } + uriBC.setBytes(buf, start, end - start - semicolon2 + semicolon); } else { request.setRequestedSessionId - (new String(uriCC.getBuffer(), sessionIdStart, - end - sessionIdStart)); - } - request.setRequestedSessionURL(true); - - // Extract session ID from request URI - ByteChunk uriBC = req.requestURI().getByteChunk(); - start = uriBC.getStart(); - end = uriBC.getEnd(); - semicolon = uriBC.indexOf(match, 0, match.length(), 0); - - if (semicolon > 0) { - sessionIdStart = start + semicolon; - semicolon2 = uriCC.indexOf - (';', start + semicolon + match.length()); + (new String(uriBC.getBuffer(), start + sessionIdStart, + (end - start) - sessionIdStart)); uriBC.setEnd(start + semicolon); - byte[] buf = uriBC.getBuffer(); - if (semicolon2 >= 0) { - for (int i = 0; i < end - start - semicolon2; 
i++) { - buf[start + semicolon + i] - = buf[start + i + semicolon2]; - } - uriBC.setBytes(buf, start, semicolon - + (end - start - semicolon2)); - } } + request.setRequestedSessionURL(true); } else { request.setRequestedSessionId(null);
Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?rev=426096&r1=426095&r2=426096&view=diff
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Thu Jul 27 08:03:46 2006
@@ -73,6 +73,10 @@ <bug>39592</bug>: Stop HEAD requests for resources handled by SSI servlet or filter generating stack traces in the logs. (markt) </fix> + <fix> + Improve handling of the ';' character in the URL so that it is now + allowed if properly %xx encoded. (remm) + </fix> </changelog> </subsection> <subsection name="Webapps">
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
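Review bot: `parseSessionId` now reads `req.requestURI().getByteChunk()` unconditionally, yet the caller keeps a separate branch (the `@@ -231,6 +241,13 @@` hunk) for a URI that is not `T_BYTES`. If the request URI can arrive as chars, the byte chunk may not contain it, and the session id parameter would then be removed by the new path-parameter stripping without ever being parsed; this should be confirmed and either guarded on the type or documented, e.g. `// assumes requestURI is T_BYTES at this point`. Separately, `new String(uriBC.getBuffer(), ...)` decodes client-supplied bytes with the platform default charset, so naming the charset explicitly would keep the requested session id independent of the JVM's locale settings.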