tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Rossbach ...@objektpark.de>
Subject Re: svn commit: r423967 - /tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
Date Thu, 20 Jul 2006 20:35:28 GMT
Hi Remy,

can you do that backport , please :-)
Peter.



Am 20.07.2006 um 18:01 schrieb remm@apache.org:

> Author: remm
> Date: Thu Jul 20 09:01:41 2006
> New Revision: 423967
>
> URL: http://svn.apache.org/viewvc?rev=423967&view=rev
> Log:
> - Changes to session id parsing so that it is done (as well as ";"  
> path parameter stripping) before
>   decoding, making it possible to %xx encode ";" in the URL.
> - This can probably be backported to 5.5.x.
>
> Modified:
>     tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/ 
> CoyoteAdapter.java
>
> Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/ 
> CoyoteAdapter.java
> URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/ 
> apache/catalina/connector/CoyoteAdapter.java? 
> rev=423967&r1=423966&r2=423967&view=diff
> ====================================================================== 
> ========
> --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/ 
> CoyoteAdapter.java (original)
> +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/ 
> CoyoteAdapter.java Thu Jul 20 09:01:41 2006
> @@ -293,11 +293,21 @@
>              req.serverName().setString(proxyName);
>          }
>
> +        // Parse session Id
> +        parseSessionId(req, request);
> +
>          // URI decoding
>          MessageBytes decodedURI = req.decodedURI();
>          decodedURI.duplicate(req.requestURI());
>
>          if (decodedURI.getType() == MessageBytes.T_BYTES) {
> +            // Remove any path parameters
> +            ByteChunk uriBB = decodedURI.getByteChunk();
> +            int semicolon = uriBB.indexOf(';', 0);
> +            if (semicolon > 0) {
> +                decodedURI.setBytes
> +                    (uriBB.getBuffer(), uriBB.getStart(), semicolon);
> +            }
>              // %xx decoding of the URL
>              try {
>                  req.getURLDecoder().convert(decodedURI, false);
> @@ -319,6 +329,13 @@
>              // protocol handler, we have to assume the URL has  
> been properly
>              // decoded already
>              decodedURI.toChars();
> +            // Remove any path parameters
> +            CharChunk uriCC = decodedURI.getCharChunk();
> +            int semicolon = uriCC.indexOf(';');
> +            if (semicolon > 0) {
> +                decodedURI.setChars
> +                    (uriCC.getBuffer(), uriCC.getStart(), semicolon);
> +            }
>          }
>
>          // Set the remote principal
> @@ -333,19 +350,6 @@
>              request.setAuthType(authtype);
>          }
>
> -        // Parse session Id
> -        parseSessionId(req, request);
> -
> -        // Remove any remaining parameters (other than session id,  
> which has
> -        // already been removed in parseSessionId()) from the URI,  
> so they
> -        // won't be considered by the mapping algorithm.
> -        CharChunk uriCC = decodedURI.getCharChunk();
> -        int semicolon = uriCC.indexOf(';');
> -        if (semicolon > 0) {
> -            decodedURI.setChars
> -                (uriCC.getBuffer(), uriCC.getStart(), semicolon);
> -        }
> -
>          // Request mapping.
>          MessageBytes serverName;
>          if (connector.getUseIPVHosts()) {
> @@ -420,49 +424,35 @@
>       */
>      protected void parseSessionId(org.apache.coyote.Request req,  
> Request request) {
>
> -        CharChunk uriCC = req.decodedURI().getCharChunk();
> -        int semicolon = uriCC.indexOf(match, 0, match.length(), 0);
> +        ByteChunk uriBC = req.requestURI().getByteChunk();
> +        int semicolon = uriBC.indexOf(match, 0, match.length(), 0);
>
>          if (semicolon > 0) {
>
>              // Parse session ID, and extract it from the decoded  
> request URI
> -            int start = uriCC.getStart();
> -            int end = uriCC.getEnd();
> +            int start = uriBC.getStart();
> +            int end = uriBC.getEnd();
>
> -            int sessionIdStart = start + semicolon + match.length();
> -            int semicolon2 = uriCC.indexOf(';', sessionIdStart);
> +            int sessionIdStart = semicolon + match.length();
> +            int semicolon2 = uriBC.indexOf(';', sessionIdStart);
>              if (semicolon2 >= 0) {
>                  request.setRequestedSessionId
> -                    (new String(uriCC.getBuffer(), sessionIdStart,
> -                                semicolon2 - semicolon -  
> match.length()));
> +                    (new String(uriBC.getBuffer(), start +  
> sessionIdStart,
> +                            semicolon2 - sessionIdStart));
> +                // Extract session ID from request URI
> +                byte[] buf = uriBC.getBuffer();
> +                for (int i = 0; i < end - start - semicolon2; i++) {
> +                    buf[start + semicolon + i]
> +                        = buf[start + i + semicolon2];
> +                }
> +                uriBC.setBytes(buf, start, end - start -  
> semicolon2 + semicolon);
>              } else {
>                  request.setRequestedSessionId
> -                    (new String(uriCC.getBuffer(), sessionIdStart,
> -                                end - sessionIdStart));
> -            }
> -            request.setRequestedSessionURL(true);
> -
> -            // Extract session ID from request URI
> -            ByteChunk uriBC = req.requestURI().getByteChunk();
> -            start = uriBC.getStart();
> -            end = uriBC.getEnd();
> -            semicolon = uriBC.indexOf(match, 0, match.length(), 0);
> -
> -            if (semicolon > 0) {
> -                sessionIdStart = start + semicolon;
> -                semicolon2 = uriCC.indexOf
> -                    (';', start + semicolon + match.length());
> +                    (new String(uriBC.getBuffer(), start +  
> sessionIdStart,
> +                            (end - start) - sessionIdStart));
>                  uriBC.setEnd(start + semicolon);
> -                byte[] buf = uriBC.getBuffer();
> -                if (semicolon2 >= 0) {
> -                    for (int i = 0; i < end - start - semicolon2; i 
> ++) {
> -                        buf[start + semicolon + i]
> -                            = buf[start + i + semicolon2];
> -                    }
> -                    uriBC.setBytes(buf, start, semicolon
> -                                   + (end - start - semicolon2));
> -                }
>              }
> +            request.setRequestedSessionURL(true);
>
>          } else {
>              request.setRequestedSessionId(null);
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message