luehe       2003/02/18 15:49:46

  Modified:    catalina/src/share/org/apache/catalina/core
                        ApplicationDispatcher.java
                        ApplicationHttpRequest.java
  Log:
  Followup to fix for Bugtraq 4658324:
  Only in the case of the forward (not include!) method of the
  RequestDispatcher must the path elements of the request object
  (including queryString) exposed to the target servlet reflect the path
  used to obtain the RequestDispatcher (in the case of the include
  method, the path elements of the original request are preserved).
  
  Revision  Changes    Path
  1.10      +6 -5      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java
  
  Index: ApplicationDispatcher.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationDispatcher.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- ApplicationDispatcher.java        12 Feb 2003 17:39:11 -0000      1.9
  +++ ApplicationDispatcher.java        18 Feb 2003 23:49:45 -0000      1.10
  @@ -467,6 +467,7 @@
                   wrequest.setAttribute(Globals.FORWARD_QUERY_STRING_ATTR,
                                         queryString);
                   wrequest.setQueryString(queryString);
  +             wrequest.setQueryParams(queryString);
               }
   
               // only set the Dispatcher Type to Forward if it has not been set. It 
will have
  @@ -627,7 +628,7 @@
               if (queryString != null) {
                   wrequest.setAttribute(Globals.INCLUDE_QUERY_STRING_ATTR,
                                         queryString);
  -             wrequest.setQueryString(queryString);
  +             wrequest.setQueryParams(queryString);
               }
               
               wrequest.setAttribute(ApplicationFilterFactory.DISPATCHER_TYPE_ATTR,
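Review bot: After this change the include branch leaves `getQueryString()` returning the original request's query string while the parameters are merged from the dispatcher path's query string, and nothing at the call site says so. Code in an included servlet or filter that validates or logs `getQueryString()` therefore inspects a different string from the one the merged `getParameter()` values come from. That deserves a comment above the call, e.g. `// include: original query string stays visible; only the parameters come from the dispatcher path`. The forward branch in the first hunk calls both setters, so the two branches now differ by a single call that is easy to "tidy up" by mistake. The enclosing method starts and ends outside the hunk.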
  
  
  
  1.4       +23 -6     
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java
  
  Index: ApplicationHttpRequest.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- ApplicationHttpRequest.java       12 Feb 2003 17:39:11 -0000      1.3
  +++ ApplicationHttpRequest.java       18 Feb 2003 23:49:45 -0000      1.4
  @@ -191,6 +191,12 @@
   
   
       /**
  +     * The query parameters for the current request.
  +     */
  +    private String queryParamString = null;
  +
  +
  +    /**
        * Have the parameters for this request already been parsed?
        */
       private boolean parsedParams = false;
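Review bot: The Javadoc on `queryParamString` does not say how the field differs from the `queryString` that `mergeParameters()` read before this commit, so the two are easy to conflate. Suggest wording along the lines of `The query string whose parameters are merged into this request; set by the dispatcher for both forward and include, and not necessarily the value returned by getQueryString().` The class body continues outside the hunk.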
  @@ -544,6 +550,17 @@
       }
   
   
  +    /**
  +     * Save query parameters for this request.
  +     *
  +     * @param queryString The query string containing parameters for this
  +     *                    request
  +     */
  +    void setQueryParams(String queryString) {
  +        this.queryParamString = queryString;
  +    }
  +
  +
       // ------------------------------------------------------ Protected Methods
   
   
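Review bot: `setQueryParams` stores the string but does not touch `parsedParams`, so a call made after the parameters have been parsed would presumably have no effect on the merged parameter map. This is inferred from the flag's Javadoc in the previous hunk, since the parsing code is outside this diff. Both callers in ApplicationDispatcher.java appear to invoke it while setting up the wrapper, so stating the precondition in the Javadoc is probably enough: `Must be called before the parameters of this request are first accessed.`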
  @@ -613,7 +630,7 @@
        */
       private void mergeParameters() {
   
  -        if ((queryString == null) || (queryString.length() < 1))
  +        if ((queryParamString == null) || (queryParamString.length() < 1))
               return;
   
           HashMap queryParameters = new HashMap();
  @@ -622,7 +639,7 @@
               encoding = "ISO-8859-1";
           try {
               RequestUtil.parseParameters
  -                (queryParameters, queryString, encoding);
  +                (queryParameters, queryParamString, encoding);
           } catch (Exception e) {
               ;
           }
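Review bot: A failure while parsing `queryParamString` is discarded by the empty `catch (Exception e)` that follows the changed call, so a malformed or wrongly encoded dispatcher query string may leave the target servlet with missing or partly merged parameters and no trace of why. The catch predates this commit, but the string now comes from a new field, which makes this a good moment to record the failure through whatever logging the class already uses. At minimum the bare `;` could become a comment such as `// parameters from the dispatcher path are not merged if parsing fails`. `mergeParameters()` continues outside the hunk.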
  
  
  
