tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-frederic Clere <jfcl...@gmail.com>
Subject Re: svn commit: r423967 - /tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
Date Thu, 20 Jul 2006 22:00:58 GMT
I will also add the ";" path parameter stripping to mod_jk.

Cheers

Jean-Frederic

remm@apache.org wrote:

>Author: remm
>Date: Thu Jul 20 09:01:41 2006
>New Revision: 423967
>
>URL: http://svn.apache.org/viewvc?rev=423967&view=rev
>Log:
>- Changes to session id parsing so that it is done (as well as ";" path parameter stripping)
before
>  decoding, making it possible to %xx encode ";" in the URL.
>- This can probably be backported to 5.5.x.
>
>Modified:
>    tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
>
>Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
>URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=423967&r1=423966&r2=423967&view=diff
>==============================================================================
>--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java (original)
>+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java Thu Jul
20 09:01:41 2006
>@@ -293,11 +293,21 @@
>             req.serverName().setString(proxyName);
>         }
> 
>+        // Parse session Id
>+        parseSessionId(req, request);
>+
>         // URI decoding
>         MessageBytes decodedURI = req.decodedURI();
>         decodedURI.duplicate(req.requestURI());
> 
>         if (decodedURI.getType() == MessageBytes.T_BYTES) {
>+            // Remove any path parameters
>+            ByteChunk uriBB = decodedURI.getByteChunk();
>+            int semicolon = uriBB.indexOf(';', 0);
>+            if (semicolon > 0) {
>+                decodedURI.setBytes
>+                    (uriBB.getBuffer(), uriBB.getStart(), semicolon);
>+            }
>             // %xx decoding of the URL
>             try {
>                 req.getURLDecoder().convert(decodedURI, false);
>@@ -319,6 +329,13 @@
>             // protocol handler, we have to assume the URL has been properly
>             // decoded already
>             decodedURI.toChars();
>+            // Remove any path parameters
>+            CharChunk uriCC = decodedURI.getCharChunk();
>+            int semicolon = uriCC.indexOf(';');
>+            if (semicolon > 0) {
>+                decodedURI.setChars
>+                    (uriCC.getBuffer(), uriCC.getStart(), semicolon);
>+            }
>         }
> 
>         // Set the remote principal
>@@ -333,19 +350,6 @@
>             request.setAuthType(authtype);
>         }
> 
>-        // Parse session Id
>-        parseSessionId(req, request);
>-
>-        // Remove any remaining parameters (other than session id, which has
>-        // already been removed in parseSessionId()) from the URI, so they
>-        // won't be considered by the mapping algorithm.
>-        CharChunk uriCC = decodedURI.getCharChunk();
>-        int semicolon = uriCC.indexOf(';');
>-        if (semicolon > 0) {
>-            decodedURI.setChars
>-                (uriCC.getBuffer(), uriCC.getStart(), semicolon);
>-        }
>-
>         // Request mapping.
>         MessageBytes serverName;
>         if (connector.getUseIPVHosts()) {
>@@ -420,49 +424,35 @@
>      */
>     protected void parseSessionId(org.apache.coyote.Request req, Request request) {
> 
>-        CharChunk uriCC = req.decodedURI().getCharChunk();
>-        int semicolon = uriCC.indexOf(match, 0, match.length(), 0);
>+        ByteChunk uriBC = req.requestURI().getByteChunk();
>+        int semicolon = uriBC.indexOf(match, 0, match.length(), 0);
> 
>         if (semicolon > 0) {
> 
>             // Parse session ID, and extract it from the decoded request URI
>-            int start = uriCC.getStart();
>-            int end = uriCC.getEnd();
>+            int start = uriBC.getStart();
>+            int end = uriBC.getEnd();
> 
>-            int sessionIdStart = start + semicolon + match.length();
>-            int semicolon2 = uriCC.indexOf(';', sessionIdStart);
>+            int sessionIdStart = semicolon + match.length();
>+            int semicolon2 = uriBC.indexOf(';', sessionIdStart);
>             if (semicolon2 >= 0) {
>                 request.setRequestedSessionId
>-                    (new String(uriCC.getBuffer(), sessionIdStart, 
>-                                semicolon2 - semicolon - match.length()));
>+                    (new String(uriBC.getBuffer(), start + sessionIdStart, 
>+                            semicolon2 - sessionIdStart));
>+                // Extract session ID from request URI
>+                byte[] buf = uriBC.getBuffer();
>+                for (int i = 0; i < end - start - semicolon2; i++) {
>+                    buf[start + semicolon + i] 
>+                        = buf[start + i + semicolon2];
>+                }
>+                uriBC.setBytes(buf, start, end - start - semicolon2 + semicolon);
>             } else {
>                 request.setRequestedSessionId
>-                    (new String(uriCC.getBuffer(), sessionIdStart, 
>-                                end - sessionIdStart));
>-            }
>-            request.setRequestedSessionURL(true);
>-
>-            // Extract session ID from request URI
>-            ByteChunk uriBC = req.requestURI().getByteChunk();
>-            start = uriBC.getStart();
>-            end = uriBC.getEnd();
>-            semicolon = uriBC.indexOf(match, 0, match.length(), 0);
>-
>-            if (semicolon > 0) {
>-                sessionIdStart = start + semicolon;
>-                semicolon2 = uriCC.indexOf
>-                    (';', start + semicolon + match.length());
>+                    (new String(uriBC.getBuffer(), start + sessionIdStart, 
>+                            (end - start) - sessionIdStart));
>                 uriBC.setEnd(start + semicolon);
>-                byte[] buf = uriBC.getBuffer();
>-                if (semicolon2 >= 0) {
>-                    for (int i = 0; i < end - start - semicolon2; i++) {
>-                        buf[start + semicolon + i] 
>-                            = buf[start + i + semicolon2];
>-                    }
>-                    uriBC.setBytes(buf, start, semicolon 
>-                                   + (end - start - semicolon2));
>-                }
>             }
>+            request.setRequestedSessionURL(true);
> 
>         } else {
>             request.setRequestedSessionId(null);
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message