tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject [tomcat] 01/04: Make all calls to URLDecode use an explicit character set
Date Mon, 16 Mar 2020 19:06:09 GMT
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 3bb4e130fc1a44c24b6efcd23f6c4e23733f4eda
Author: Mark Thomas <markt@apache.org>
AuthorDate: Mon Mar 16 15:57:13 2020 +0000

    Make all calls to URLDecode use an explicit character set
---
 java/org/apache/catalina/core/ApplicationContext.java | 3 ++-
 java/org/apache/catalina/loader/WebappLoader.java     | 8 ++++----
 test/org/apache/catalina/util/TestRequestUtil.java    | 4 ++--
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/java/org/apache/catalina/core/ApplicationContext.java b/java/org/apache/catalina/core/ApplicationContext.java
index 881d513..e76c54c 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -74,6 +74,7 @@ import org.apache.catalina.util.URLEncoder;
 import org.apache.naming.resources.DirContextURLStreamHandler;
 import org.apache.naming.resources.Resource;
 import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.CharChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
 import org.apache.tomcat.util.buf.UDecoder;
@@ -446,7 +447,7 @@ public class ApplicationContext implements ServletContext {
 
         if (getContext().getDispatchersUseEncodedPaths()) {
             // Decode
-            String decodedUri = UDecoder.URLDecode(normalizedUri, StandardCharsets.UTF_8);
+            String decodedUri = UDecoder.URLDecode(normalizedUri, B2CConverter.UTF_8);
 
             // Security check to catch attempts to encode /../ sequences
             normalizedUri = RequestUtil.normalize(decodedUri);
diff --git a/java/org/apache/catalina/loader/WebappLoader.java b/java/org/apache/catalina/loader/WebappLoader.java
index d2d2751..b39e9c1 100644
--- a/java/org/apache/catalina/loader/WebappLoader.java
+++ b/java/org/apache/catalina/loader/WebappLoader.java
@@ -55,6 +55,7 @@ import org.apache.naming.resources.DirContextURLStreamHandler;
 import org.apache.naming.resources.DirContextURLStreamHandlerFactory;
 import org.apache.naming.resources.Resource;
 import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.UDecoder;
 import org.apache.tomcat.util.compat.JreCompat;
 import org.apache.tomcat.util.modeler.Registry;
@@ -1107,12 +1108,11 @@ public class WebappLoader extends LifecycleMBeanBase
                 for (int i = 0; i < repositories.length; i++) {
                     String repository = repositories[i].toString();
                     if (repository.startsWith("file://"))
-                        repository = UDecoder.URLDecode(repository.substring(7));
+                        repository = UDecoder.URLDecode(repository.substring(7), B2CConverter.ISO_8859_1);
                     else if (repository.startsWith("file:"))
-                        repository = UDecoder.URLDecode(repository.substring(5));
+                        repository = UDecoder.URLDecode(repository.substring(5), B2CConverter.ISO_8859_1);
                     else if (repository.startsWith("jndi:"))
-                        repository =
-                            servletContext.getRealPath(repository.substring(5));
+                        repository = servletContext.getRealPath(repository.substring(5));
                     else
                         continue;
                     if (repository == null)
diff --git a/test/org/apache/catalina/util/TestRequestUtil.java b/test/org/apache/catalina/util/TestRequestUtil.java
index a566737..1974587 100644
--- a/test/org/apache/catalina/util/TestRequestUtil.java
+++ b/test/org/apache/catalina/util/TestRequestUtil.java
@@ -26,7 +26,7 @@ public class TestRequestUtil {
         // %n rather than %nn should throw an IAE according to the Javadoc
         Exception exception = null;
         try {
-            RequestUtil.URLDecode("%5xxxxx");
+            RequestUtil.URLDecode("%5xxxxx", "UTF-8");
         } catch (Exception e) {
             exception = e;
         }
@@ -35,7 +35,7 @@ public class TestRequestUtil {
         // Edge case trying to trigger ArrayIndexOutOfBoundsException
         exception = null;
         try {
-            RequestUtil.URLDecode("%5");
+            RequestUtil.URLDecode("%5", "UTF-8");
         } catch (Exception e) {
             exception = e;
         }


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message