tomcat-dev mailing list archives

From r...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http HttpProcessor.java
Date Mon, 16 Jul 2001 21:55:17 GMT
remm        01/07/16 14:55:17

  Modified:    catalina/src/share/org/apache/catalina/connector/http
                        HttpProcessor.java
  Log:
  - Quick and dirty normalization of the URI. Obviously the code is not
    optimized. I will write (errr, cut & paste from TC 3.3 code, actually) an
    optimized version when I refactor the connector to port it to Coyote.
    Unfortunately, I lost my prototype work in my HD crash this WE, so it will get
    delayed a bit (I'm lucky I had committed my Coyote changes already).
  - I hope the fix is adequate (Craig ?). Since the URI gets normalized way before
    going in the mapper, it should be.
  
  Revision  Changes    Path
  1.29      +80 -5     jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java
  
  Index: HttpProcessor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java,v
  retrieving revision 1.28
  retrieving revision 1.29
  diff -u -r1.28 -r1.29
  --- HttpProcessor.java	2001/06/18 23:28:39	1.28
  +++ HttpProcessor.java	2001/07/16 21:55:17	1.29
  @@ -1,6 +1,6 @@
  -/* * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java,v
1.28 2001/06/18 23:28:39 remm Exp $
  - * $Revision: 1.28 $
  - * $Date: 2001/06/18 23:28:39 $
  +/* * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java,v
1.29 2001/07/16 21:55:17 remm Exp $
  + * $Revision: 1.29 $
  + * $Date: 2001/07/16 21:55:17 $
    *
    * ====================================================================
    *
  @@ -106,7 +106,7 @@
    *
    * @author Craig R. McClanahan
    * @author Remy Maucherat
  - * @version $Revision: 1.28 $ $Date: 2001/06/18 23:28:39 $
  + * @version $Revision: 1.29 $ $Date: 2001/07/16 21:55:17 $
    */
   
   final class HttpProcessor
  @@ -773,16 +773,91 @@
   	    request.setRequestedSessionURL(false);
   	}
   
  +        // Normalize URI (using String operations at the moment)
  +        String normalizedUri = normalize(uri);
  +        if (debug >= 1)
  +            log("Normalized: '" + uri + "' to '" + normalizedUri + "'");
  +
  +        if (normalizedUri == null) {
  +	    log(" Invalid request URI: '" + uri + "'");
  +            throw new IOException("Invalid URI: " + uri + "'");
  +        }
  +
   	// Set the corresponding request properties
   	((HttpRequest) request).setMethod(method);
   	request.setProtocol(protocol);
  -	((HttpRequest) request).setRequestURI(uri);
  +	((HttpRequest) request).setRequestURI(normalizedUri);
   	request.setSecure(connector.getSecure());
   	request.setScheme(connector.getScheme());
   
   	if (debug >= 1)
   	    log(" Request is '" + method + "' for '" + uri +
   		"' with protocol '" + protocol + "'");
  +
  +    }
  +
  +
  +    /**
  +     * Return a context-relative path, beginning with a "/", that represents
  +     * the canonical version of the specified path after ".." and "." elements
  +     * are resolved out.  If the specified path attempts to go outside the
  +     * boundaries of the current context (i.e. too many ".." path elements
  +     * are present), return <code>null</code> instead.
  +     *
  +     * @param path Path to be normalized
  +     */
  +    protected String normalize(String path) {
  +
  +        if (path == null)
  +            return null;
  +
  +        // Create a place for the normalized path
  +        String normalized = path;
  +
  +        if (normalized == null)
  +            return (null);
  +
  +        if (normalized.equals("/."))
  +            return "/";
  +
  +	// Normalize the slashes and add leading slash if necessary
  +	if (normalized.indexOf('\\') >= 0)
  +	    normalized = normalized.replace('\\', '/');
  +	if (!normalized.startsWith("/"))
  +	    normalized = "/" + normalized;
  +
  +	// Resolve occurrences of "//" in the normalized path
  +	while (true) {
  +	    int index = normalized.indexOf("//");
  +	    if (index < 0)
  +		break;
  +	    normalized = normalized.substring(0, index) +
  +		normalized.substring(index + 1);
  +	}
  +
  +	// Resolve occurrences of "/./" in the normalized path
  +	while (true) {
  +	    int index = normalized.indexOf("/./");
  +	    if (index < 0)
  +		break;
  +	    normalized = normalized.substring(0, index) +
  +		normalized.substring(index + 2);
  +	}
  +
  +	// Resolve occurrences of "/../" in the normalized path
  +	while (true) {
  +	    int index = normalized.indexOf("/../");
  +	    if (index < 0)
  +		break;
  +	    if (index == 0)
  +		return (null);	// Trying to go outside our context
  +	    int index2 = normalized.lastIndexOf('/', index - 1);
  +	    normalized = normalized.substring(0, index2) +
  +		normalized.substring(index + 3);
  +	}
  +
  +	// Return the normalized path that we have completed
  +	return (normalized);
   
       }
   
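Review bot: normalize() is applied to the URI exactly as parseRequest holds it, and nothing in this hunk percent-decodes it first, so `%2e%2e`, `%2f` and `%5c` pass through unchanged; if decoding happens later in the mapper or a servlet (not visible here), the dot segments this method is meant to resolve can reappear after the check. Separately, the loops match only `/./` and `/../`, so a path that ends in `/..` or `/.` (other than exactly `/.`) is returned unmodified. I would either decode before normalizing or refuse the encoded reserved characters, and append a `/` to a trailing dot segment before the loops run, as sketched below. parseRequest starts outside this hunk, so whether the query string has already been stripped from `uri` at this point needs confirming before `%`-sequences are rejected.

```java
        if (!normalized.startsWith("/"))
            normalized = "/" + normalized;

        // Refuse encoded '%', '/', '.' and '\' so that a later decode step
        // cannot reintroduce separators or dot segments after this check
        String upper = normalized.toUpperCase();
        if (upper.indexOf("%25") >= 0 || upper.indexOf("%2F") >= 0
            || upper.indexOf("%2E") >= 0 || upper.indexOf("%5C") >= 0)
            return (null);

        // Treat a trailing "/." or "/.." like "/./" or "/../"
        if (normalized.endsWith("/.") || normalized.endsWith("/.."))
            normalized = normalized + "/";

        // … unchanged: "//", "/./" and "/../" resolution loops …
```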
  
  
  
