tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-frederic Clere <jfcl...@gmail.com>
Subject Re: svn commit: r423967 - /tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
Date Thu, 20 Jul 2006 22:55:03 GMT
William A. Rowe, Jr. wrote:

> Guys, let me clarify, you are only paying attention to ';' following the
> QUERY_STRING delimiter '?', correct?
>
> ';' means nothing special before the '?', double check your 
> interpretation
> of RFC 2616.  I can have /foo.bar;bash?v1=a;v2=b (or ...?v1=a&v2=b) 
> and that
> semi is part of the foo.bar;bash filename.  Right?

Then what I have just commited is not right...

But in mod_jk the behaviour without the patch is weird.
Try:
JkMount /*.jsp worker1
And url like http://localhost/;jsp-examples/jsp2/;simpletag/;hello.jsp
without the patches.

Cheers

Jean-Frederic

>
> Bill
>
>
> Jean-frederic Clere wrote:
>
>> I will also add the ";" path parameter stripping to mod_jk.
>>
>> Cheers
>>
>> Jean-Frederic
>>
>> remm@apache.org wrote:
>>
>>> Author: remm
>>> Date: Thu Jul 20 09:01:41 2006
>>> New Revision: 423967
>>>
>>> URL: http://svn.apache.org/viewvc?rev=423967&view=rev
>>> Log:
>>> - Changes to session id parsing so that it is done (as well as ";" 
>>> path parameter stripping) before
>>>  decoding, making it possible to %xx encode ";" in the URL.
>>> - This can probably be backported to 5.5.x.
>>>
>>> Modified:
>>>    
>>> tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
>>>
>>>
>>> Modified: 
>>> tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
>>>
>>> URL: 
>>> http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=423967&r1=423966&r2=423967&view=diff

>>>
>>> ==============================================================================

>>>
>>> --- 
>>> tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
>>> (original)
>>> +++ 
>>> tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 
>>> Thu Jul 20 09:01:41 2006
>>> @@ -293,11 +293,21 @@
>>>             req.serverName().setString(proxyName);
>>>         }
>>>
>>> +        // Parse session Id
>>> +        parseSessionId(req, request);
>>> +
>>>         // URI decoding
>>>         MessageBytes decodedURI = req.decodedURI();
>>>         decodedURI.duplicate(req.requestURI());
>>>
>>>         if (decodedURI.getType() == MessageBytes.T_BYTES) {
>>> +            // Remove any path parameters
>>> +            ByteChunk uriBB = decodedURI.getByteChunk();
>>> +            int semicolon = uriBB.indexOf(';', 0);
>>> +            if (semicolon > 0) {
>>> +                decodedURI.setBytes
>>> +                    (uriBB.getBuffer(), uriBB.getStart(), semicolon);
>>> +            }
>>>             // %xx decoding of the URL
>>>             try {
>>>                 req.getURLDecoder().convert(decodedURI, false);
>>> @@ -319,6 +329,13 @@
>>>             // protocol handler, we have to assume the URL has been 
>>> properly
>>>             // decoded already
>>>             decodedURI.toChars();
>>> +            // Remove any path parameters
>>> +            CharChunk uriCC = decodedURI.getCharChunk();
>>> +            int semicolon = uriCC.indexOf(';');
>>> +            if (semicolon > 0) {
>>> +                decodedURI.setChars
>>> +                    (uriCC.getBuffer(), uriCC.getStart(), semicolon);
>>> +            }
>>>         }
>>>
>>>         // Set the remote principal
>>> @@ -333,19 +350,6 @@
>>>             request.setAuthType(authtype);
>>>         }
>>>
>>> -        // Parse session Id
>>> -        parseSessionId(req, request);
>>> -
>>> -        // Remove any remaining parameters (other than session id, 
>>> which has
>>> -        // already been removed in parseSessionId()) from the URI, 
>>> so they
>>> -        // won't be considered by the mapping algorithm.
>>> -        CharChunk uriCC = decodedURI.getCharChunk();
>>> -        int semicolon = uriCC.indexOf(';');
>>> -        if (semicolon > 0) {
>>> -            decodedURI.setChars
>>> -                (uriCC.getBuffer(), uriCC.getStart(), semicolon);
>>> -        }
>>> -
>>>         // Request mapping.
>>>         MessageBytes serverName;
>>>         if (connector.getUseIPVHosts()) {
>>> @@ -420,49 +424,35 @@
>>>      */
>>>     protected void parseSessionId(org.apache.coyote.Request req, 
>>> Request request) {
>>>
>>> -        CharChunk uriCC = req.decodedURI().getCharChunk();
>>> -        int semicolon = uriCC.indexOf(match, 0, match.length(), 0);
>>> +        ByteChunk uriBC = req.requestURI().getByteChunk();
>>> +        int semicolon = uriBC.indexOf(match, 0, match.length(), 0);
>>>
>>>         if (semicolon > 0) {
>>>
>>>             // Parse session ID, and extract it from the decoded 
>>> request URI
>>> -            int start = uriCC.getStart();
>>> -            int end = uriCC.getEnd();
>>> +            int start = uriBC.getStart();
>>> +            int end = uriBC.getEnd();
>>>
>>> -            int sessionIdStart = start + semicolon + match.length();
>>> -            int semicolon2 = uriCC.indexOf(';', sessionIdStart);
>>> +            int sessionIdStart = semicolon + match.length();
>>> +            int semicolon2 = uriBC.indexOf(';', sessionIdStart);
>>>             if (semicolon2 >= 0) {
>>>                 request.setRequestedSessionId
>>> -                    (new String(uriCC.getBuffer(), sessionIdStart, 
>>> -                                semicolon2 - semicolon - 
>>> match.length()));
>>> +                    (new String(uriBC.getBuffer(), start + 
>>> sessionIdStart, +                            semicolon2 - 
>>> sessionIdStart));
>>> +                // Extract session ID from request URI
>>> +                byte[] buf = uriBC.getBuffer();
>>> +                for (int i = 0; i < end - start - semicolon2; i++) {
>>> +                    buf[start + semicolon + i] 
>>> +                        = buf[start + i + semicolon2];
>>> +                }
>>> +                uriBC.setBytes(buf, start, end - start - semicolon2 
>>> + semicolon);
>>>             } else {
>>>                 request.setRequestedSessionId
>>> -                    (new String(uriCC.getBuffer(), sessionIdStart, 
>>> -                                end - sessionIdStart));
>>> -            }
>>> -            request.setRequestedSessionURL(true);
>>> -
>>> -            // Extract session ID from request URI
>>> -            ByteChunk uriBC = req.requestURI().getByteChunk();
>>> -            start = uriBC.getStart();
>>> -            end = uriBC.getEnd();
>>> -            semicolon = uriBC.indexOf(match, 0, match.length(), 0);
>>> -
>>> -            if (semicolon > 0) {
>>> -                sessionIdStart = start + semicolon;
>>> -                semicolon2 = uriCC.indexOf
>>> -                    (';', start + semicolon + match.length());
>>> +                    (new String(uriBC.getBuffer(), start + 
>>> sessionIdStart, +                            (end - start) - 
>>> sessionIdStart));
>>>                 uriBC.setEnd(start + semicolon);
>>> -                byte[] buf = uriBC.getBuffer();
>>> -                if (semicolon2 >= 0) {
>>> -                    for (int i = 0; i < end - start - semicolon2; 
>>> i++) {
>>> -                        buf[start + semicolon + i] 
>>> -                            = buf[start + i + semicolon2];
>>> -                    }
>>> -                    uriBC.setBytes(buf, start, semicolon 
>>> -                                   + (end - start - semicolon2));
>>> -                }
>>>             }
>>> +            request.setRequestedSessionURL(true);
>>>
>>>         } else {
>>>             request.setRequestedSessionId(null);
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: dev-help@tomcat.apache.org
>>>
>>>
>>>  
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: dev-help@tomcat.apache.org
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message