tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5 CoyoteAdapter.java CoyoteConnector.java
Date Thu, 10 Oct 2002 09:07:34 GMT
remm        2002/10/10 02:07:34

  Modified:    coyote/src/java/org/apache/coyote/tomcat5 CoyoteAdapter.java
                        CoyoteConnector.java
  Log:
  - Remove slow and ugly 4.0.x only code.
  
  Revision  Changes    Path
  1.4       +4 -105    jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteAdapter.java
  
  Index: CoyoteAdapter.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteAdapter.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- CoyoteAdapter.java	4 Oct 2002 19:27:09 -0000	1.3
  +++ CoyoteAdapter.java	10 Oct 2002 09:07:33 -0000	1.4
  @@ -286,22 +286,6 @@
           // Parse session Id
           parseSessionId(req, request);
   
  -        // Additional URI normalization and validation is needed for security 
  -        // reasons on Tomcat 4.0.x
  -        if (connector.getUseURIValidationHack()) {
  -            String uri = validate(request.getRequestURI());
  -            if (uri == null) {
  -                res.setStatus(400);
  -                res.setMessage("Invalid URI");
  -                throw new IOException("Invalid URI");
  -            } else {
  -                req.requestURI().setString(uri);
  -                // Redoing the URI decoding
  -                req.decodedURI().duplicate(req.requestURI());
  -                req.getURLDecoder().convert(req.decodedURI(), true);
  -            }
  -        }
  -
           // Parse cookies
           parseCookies(req, request);
   	
  @@ -391,91 +375,6 @@
           }
   
           request.setCookies(cookies);
  -
  -    }
  -
  -
  -    /**
  -     * Return a context-relative path, beginning with a "/", that represents
  -     * the canonical version of the specified path after ".." and "." elements
  -     * are resolved out.  If the specified path attempts to go outside the
  -     * boundaries of the current context (i.e. too many ".." path elements
  -     * are present), return <code>null</code> instead.
  -     * This code is not optimized, and is only needed for Tomcat 4.0.x.
  -     *
  -     * @param path Path to be validated
  -     */
  -    protected static String validate(String path) {
  -
  -        if (path == null)
  -            return null;
  -
  -        // Create a place for the normalized path
  -        String normalized = path;
  -
  -        // Normalize "/%7E" and "/%7e" at the beginning to "/~"
  -        if (normalized.startsWith("/%7E") ||
  -            normalized.startsWith("/%7e"))
  -            normalized = "/~" + normalized.substring(4);
  -
  -        // Prevent encoding '%', '/', '.' and '\', which are special reserved
  -        // characters
  -        if ((normalized.indexOf("%25") >= 0)
  -            || (normalized.indexOf("%2F") >= 0)
  -            || (normalized.indexOf("%2E") >= 0)
  -            || (normalized.indexOf("%5C") >= 0)
  -            || (normalized.indexOf("%2f") >= 0)
  -            || (normalized.indexOf("%2e") >= 0)
  -            || (normalized.indexOf("%5c") >= 0)) {
  -            return null;
  -        }
  -
  -        if (normalized.equals("/."))
  -            return "/";
  -
  -        // Normalize the slashes and add leading slash if necessary
  -        if (normalized.indexOf('\\') >= 0)
  -            normalized = normalized.replace('\\', '/');
  -        if (!normalized.startsWith("/"))
  -            normalized = "/" + normalized;
  -
  -        // Resolve occurrences of "//" in the normalized path
  -        while (true) {
  -            int index = normalized.indexOf("//");
  -            if (index < 0)
  -                break;
  -            normalized = normalized.substring(0, index) +
  -                normalized.substring(index + 1);
  -        }
  -
  -        // Resolve occurrences of "/./" in the normalized path
  -        while (true) {
  -            int index = normalized.indexOf("/./");
  -            if (index < 0)
  -                break;
  -            normalized = normalized.substring(0, index) +
  -                normalized.substring(index + 2);
  -        }
  -
  -        // Resolve occurrences of "/../" in the normalized path
  -        while (true) {
  -            int index = normalized.indexOf("/../");
  -            if (index < 0)
  -                break;
  -            if (index == 0)
  -                return (null);  // Trying to go outside our context
  -            int index2 = normalized.lastIndexOf('/', index - 1);
  -            normalized = normalized.substring(0, index2) +
  -                normalized.substring(index + 3);
  -        }
  -
  -        // Declare occurrences of "/..." (three or more dots) to be invalid
  -        // (on some Windows platforms this walks the directory tree!!!)
  -        if (normalized.indexOf("/...") >= 0)
  -            return (null);
  -
  -        // Return the normalized path that we have completed
  -        return (normalized);
   
       }
   
  
  
  
  1.2       +4 -32     jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteConnector.java
  
  Index: CoyoteConnector.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteConnector.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- CoyoteConnector.java	4 Aug 2002 19:39:49 -0000	1.1
  +++ CoyoteConnector.java	10 Oct 2002 09:07:33 -0000	1.2
  @@ -306,12 +306,6 @@
   
   
       /**
  -     * Use URI validation for Tomcat 5.0.x.
  -     */
  -    private boolean useURIValidationHack = true;
  -
  -
  -    /**
        * Coyote protocol handler.
        */
       private ProtocolHandler protocolHandler = null;
  @@ -785,28 +779,6 @@
       public void setTcpNoDelay(boolean tcpNoDelay) {
   
           this.tcpNoDelay = tcpNoDelay;
  -
  -    }
  -
  -
  -    /**
  -     * Return the value of the Uri validation flag.
  -     */
  -    public boolean getUseURIValidationHack() {
  -
  -        return (this.useURIValidationHack);
  -
  -    }
  -
  -
  -    /**
  -     * Set the value of the Uri validation flag.
  -     * 
  -     * @param useURIValidationHack The new flag value
  -     */
  -    public void setUseURIValidationHack(boolean useURIValidationHack) {
  -
  -        this.useURIValidationHack = useURIValidationHack;
   
       }
   
  
  
  

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message