tomcat-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r423967 - /tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
Date Thu, 20 Jul 2006 22:31:25 GMT
Guys, let me clarify, you are only paying attention to ';' following the
QUERY_STRING delimiter '?', correct?

';' means nothing special before the '?', double check your interpretation
of RFC 2616.  I can have /foo.bar;bash?v1=a;v2=b (or ...?v1=a&v2=b) and that
semi is part of the foo.bar;bash filename.  Right?

Bill


Jean-frederic Clere wrote:
> I will also add the ";" path parameter stripping to mod_jk.
> 
> Cheers
> 
> Jean-Frederic
> 
> remm@apache.org wrote:
> 
>> Author: remm
>> Date: Thu Jul 20 09:01:41 2006
>> New Revision: 423967
>>
>> URL: http://svn.apache.org/viewvc?rev=423967&view=rev
>> Log:
>> - Changes to session id parsing so that it is done (as well as ";" 
>> path parameter stripping) before
>>  decoding, making it possible to %xx encode ";" in the URL.
>> - This can probably be backported to 5.5.x.
>>
>> Modified:
>>    
>> tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
>>
>>
>> Modified: 
>> tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
>>
>> URL: 
>> http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=423967&r1=423966&r2=423967&view=diff

>>
>> ============================================================================== 
>>
>> --- 
>> tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
>> (original)
>> +++ 
>> tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
>> Thu Jul 20 09:01:41 2006
>> @@ -293,11 +293,21 @@
>>             req.serverName().setString(proxyName);
>>         }
>>
>> +        // Parse session Id
>> +        parseSessionId(req, request);
>> +
>>         // URI decoding
>>         MessageBytes decodedURI = req.decodedURI();
>>         decodedURI.duplicate(req.requestURI());
>>
>>         if (decodedURI.getType() == MessageBytes.T_BYTES) {
>> +            // Remove any path parameters
>> +            ByteChunk uriBB = decodedURI.getByteChunk();
>> +            int semicolon = uriBB.indexOf(';', 0);
>> +            if (semicolon > 0) {
>> +                decodedURI.setBytes
>> +                    (uriBB.getBuffer(), uriBB.getStart(), semicolon);
>> +            }
>>             // %xx decoding of the URL
>>             try {
>>                 req.getURLDecoder().convert(decodedURI, false);
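Review bot: The stripping added to the T_BYTES branch cuts decodedURI at the first ';' found anywhere in the URI (`uriBB.indexOf(';', 0)` followed by `setBytes(..., semicolon)`), so every later path segment is dropped too, not only the parameters of the segment that carries them. The path used for request mapping, and presumably for security-constraint matching, can then be shorter than the path a front-end proxy or filter evaluated. If only parameters are meant to go, remove from each ';' up to the next '/'; otherwise state the behaviour in the comment, e.g. `// Truncates at the first ';': any later path segments are dropped as well`. The same pattern is repeated in the char branch of the @@ -319 hunk, and the enclosing method starts and ends outside this hunk.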
>> @@ -319,6 +329,13 @@
>>             // protocol handler, we have to assume the URL has been 
>> properly
>>             // decoded already
>>             decodedURI.toChars();
>> +            // Remove any path parameters
>> +            CharChunk uriCC = decodedURI.getCharChunk();
>> +            int semicolon = uriCC.indexOf(';');
>> +            if (semicolon > 0) {
>> +                decodedURI.setChars
>> +                    (uriCC.getBuffer(), uriCC.getStart(), semicolon);
>> +            }
>>         }
>>
>>         // Set the remote principal
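Review bot: In this branch the ';' search runs on a URI that, per the comment just above it, is assumed to be decoded already, so a ';' that arrived as %3B is stripped here, while the T_BYTES branch strips before `convert` and keeps it. The mapped path therefore depends on which protocol handler delivered the request. A comment recording the difference would help the next reader, e.g. `// Already decoded here: an encoded ';' cannot be told apart from a literal one`. The enclosing if/else starts outside this hunk.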
>> @@ -333,19 +350,6 @@
>>             request.setAuthType(authtype);
>>         }
>>
>> -        // Parse session Id
>> -        parseSessionId(req, request);
>> -
>> -        // Remove any remaining parameters (other than session id, 
>> which has
>> -        // already been removed in parseSessionId()) from the URI, so 
>> they
>> -        // won't be considered by the mapping algorithm.
>> -        CharChunk uriCC = decodedURI.getCharChunk();
>> -        int semicolon = uriCC.indexOf(';');
>> -        if (semicolon > 0) {
>> -            decodedURI.setChars
>> -                (uriCC.getBuffer(), uriCC.getStart(), semicolon);
>> -        }
>> -
>>         // Request mapping.
>>         MessageBytes serverName;
>>         if (connector.getUseIPVHosts()) {
>> @@ -420,49 +424,35 @@
>>      */
>>     protected void parseSessionId(org.apache.coyote.Request req, 
>> Request request) {
>>
>> -        CharChunk uriCC = req.decodedURI().getCharChunk();
>> -        int semicolon = uriCC.indexOf(match, 0, match.length(), 0);
>> +        ByteChunk uriBC = req.requestURI().getByteChunk();
>> +        int semicolon = uriBC.indexOf(match, 0, match.length(), 0);
>>
>>         if (semicolon > 0) {
>>
>>             // Parse session ID, and extract it from the decoded 
>> request URI
>> -            int start = uriCC.getStart();
>> -            int end = uriCC.getEnd();
>> +            int start = uriBC.getStart();
>> +            int end = uriBC.getEnd();
>>
>> -            int sessionIdStart = start + semicolon + match.length();
>> -            int semicolon2 = uriCC.indexOf(';', sessionIdStart);
>> +            int sessionIdStart = semicolon + match.length();
>> +            int semicolon2 = uriBC.indexOf(';', sessionIdStart);
>>             if (semicolon2 >= 0) {
>>                 request.setRequestedSessionId
>> -                    (new String(uriCC.getBuffer(), sessionIdStart, 
>> -                                semicolon2 - semicolon - 
>> match.length()));
>> +                    (new String(uriBC.getBuffer(), start + 
>> sessionIdStart, +                            semicolon2 - 
>> sessionIdStart));
>> +                // Extract session ID from request URI
>> +                byte[] buf = uriBC.getBuffer();
>> +                for (int i = 0; i < end - start - semicolon2; i++) {
>> +                    buf[start + semicolon + i] 
>> +                        = buf[start + i + semicolon2];
>> +                }
>> +                uriBC.setBytes(buf, start, end - start - semicolon2 + 
>> semicolon);
>>             } else {
>>                 request.setRequestedSessionId
>> -                    (new String(uriCC.getBuffer(), sessionIdStart, 
>> -                                end - sessionIdStart));
>> -            }
>> -            request.setRequestedSessionURL(true);
>> -
>> -            // Extract session ID from request URI
>> -            ByteChunk uriBC = req.requestURI().getByteChunk();
>> -            start = uriBC.getStart();
>> -            end = uriBC.getEnd();
>> -            semicolon = uriBC.indexOf(match, 0, match.length(), 0);
>> -
>> -            if (semicolon > 0) {
>> -                sessionIdStart = start + semicolon;
>> -                semicolon2 = uriCC.indexOf
>> -                    (';', start + semicolon + match.length());
>> +                    (new String(uriBC.getBuffer(), start + 
>> sessionIdStart, +                            (end - start) - 
>> sessionIdStart));
>>                 uriBC.setEnd(start + semicolon);
>> -                byte[] buf = uriBC.getBuffer();
>> -                if (semicolon2 >= 0) {
>> -                    for (int i = 0; i < end - start - semicolon2; i++) {
>> -                        buf[start + semicolon + i] 
>> -                            = buf[start + i + semicolon2];
>> -                    }
>> -                    uriBC.setBytes(buf, start, semicolon 
>> -                                   + (end - start - semicolon2));
>> -                }
>>             }
>> +            request.setRequestedSessionURL(true);
>>
>>         } else {
>>             request.setRequestedSessionId(null);
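Review bot: parseSessionId now builds the id with `new String(byte[], int, int)` on the raw request-URI bytes, which uses the platform default charset and no longer sees %xx-decoded text, so the same URL can yield a different requested session id depending on the JVM's default encoding. Naming the charset explicitly, e.g. `new String(buf, off, len, "ISO-8859-1")` with its checked exception handled, would make the result deterministic. The method also reads only `req.requestURI().getByteChunk()`; if the URI can reach this point in char form (the case the caller's else branch covers), it is worth confirming that the byte chunk still holds it. The context comment `Parse session ID, and extract it from the decoded request URI` is now stale, because the undecoded URI is what gets parsed and rewritten.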
>>
>>
>>
>>
>>
>>  
>>
> 
> 
> 
> 
> 

