Return-Path: X-Original-To: apmail-tomcat-dev-archive@www.apache.org Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E214A186CA for ; Tue, 1 Mar 2016 15:17:59 +0000 (UTC) Received: (qmail 73869 invoked by uid 500); 1 Mar 2016 15:17:01 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 73773 invoked by uid 500); 1 Mar 2016 15:17:01 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 73763 invoked by uid 99); 1 Mar 2016 15:17:01 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 01 Mar 2016 15:17:00 +0000 Received: from mail-oi0-f53.google.com (mail-oi0-f53.google.com [209.85.218.53]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id AD2DB1A010E for ; Tue, 1 Mar 2016 15:17:00 +0000 (UTC) Received: by mail-oi0-f53.google.com with SMTP id m82so130801679oif.1 for ; Tue, 01 Mar 2016 07:17:00 -0800 (PST) X-Gm-Message-State: AD7BkJJZcVuar8Ktvs1rgmRc7fnyCScktZ1tkas4C1UTzgKhHqjGlYoU3EHpxLO63GbubPmRRGjgB7bMo4KXlw== MIME-Version: 1.0 X-Received: by 10.202.75.140 with SMTP id y134mr10387531oia.116.1456845420090; Tue, 01 Mar 2016 07:17:00 -0800 (PST) Received: by 10.76.84.199 with HTTP; Tue, 1 Mar 2016 07:17:00 -0800 (PST) In-Reply-To: References: <20160301143746.6CA733A0428@svn01-us-west.apache.org> Date: Tue, 1 Mar 2016 16:17:00 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r1733080 - in /tomcat/trunk: java/org/apache/tomcat/util/buf/UriUtil.java webapps/docs/changelog.xml From: =?UTF-8?Q?R=C3=A9my_Maucherat?= To: Tomcat Developers List Content-Type: multipart/alternative; boundary=001a11c17ad6c1e091052cfe419b --001a11c17ad6c1e091052cfe419b Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable 2016-03-01 15:57 GMT+01:00 Martin Grigorov : > Hi Mark, > > On Tue, Mar 1, 2016 at 3:37 PM, wrote: > > > Author: markt > > Date: Tue Mar 1 14:37:46 2016 > > New Revision: 1733080 > > > > URL: http://svn.apache.org/viewvc?rev=3D1733080&view=3Drev > > Log: > > Expand the fix for BZ 59001 to cover the special sequences used in > > Tomcat's custom jar:war: URL > > > > Modified: > > tomcat/trunk/java/org/apache/tomcat/util/buf/UriUtil.java > > tomcat/trunk/webapps/docs/changelog.xml > > > > Modified: tomcat/trunk/java/org/apache/tomcat/util/buf/UriUtil.java > > URL: > > > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/buf= /UriUtil.java?rev=3D1733080&r1=3D1733079&r2=3D1733080&view=3Ddiff > > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > > --- tomcat/trunk/java/org/apache/tomcat/util/buf/UriUtil.java (original= ) > > +++ tomcat/trunk/java/org/apache/tomcat/util/buf/UriUtil.java Tue Mar = 1 > > 14:37:46 2016 > > @@ -106,6 +106,9 @@ public final class UriUtil { > > private static String makeSafeForJarUrl(String input) { > > > > > > > // Since "!/" has a special meaning in a JAR URL, make sure th= at > > the > > // sequence is properly escaped if present. > > - return input.replaceAll("!/", "%21/"); > > + String tmp =3D input.replaceAll("!/", "%21/"); > > + // Tomcat's custom jar:war: URL handling treats */ and ^/ as > > special > > + tmp =3D tmp.replaceAll("^/", "%5e/"); > > + return tmp.replaceAll("\\*/", "%2a/"); > > > > How often this method is expected to be called? I guess at least once per > request. > No, it's supposed to be an init "scan" method, not a once per request. OTOH, sometimes there are like thousands of jars, so if it's really that slow ... R=C3=A9my > > My concern is about the performance of String#replaceAll. It uses Regex a= nd > is slower than custom solutions like > > https://github.com/apache/wicket/blob/ffa34c6bfbd2ccd8340e23ff1601edd3e0e= 941d6/wicket-util/src/main/java/org/apache/wicket/util/string/Strings.java#= L748 > > When I don't have access to such util methods in the classpath then I > prefer to pre-compile the Pattern as a constant and just match on it: > e.g. PERCENT_21_PATTERN.matcher(input).replaceAll("%21/") > > Additionally I have the feeling that 'tmp.replaceAll("^/", "%5e/");' won'= t > behave as desired. I think it would match for any String that starts with= a > slash because of '^'. You may need to Pattern.quote() it. > > > > } > > } > > > > Modified: tomcat/trunk/webapps/docs/changelog.xml > > URL: > > > http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev= =3D1733080&r1=3D1733079&r2=3D1733080&view=3Ddiff > > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > > --- tomcat/trunk/webapps/docs/changelog.xml (original) > > +++ tomcat/trunk/webapps/docs/changelog.xml Tue Mar 1 14:37:46 2016 > > @@ -107,6 +107,10 @@ > > 59001: Correctly handle the case when Tomcat is > > installed on > > a path where one of the segments ends in an exclamation mark. > > (markt) > > > > + > > + Expand the fix for 59001 to cover the special > > sequences used > > + in Tomcat's custom jar:war: URLs. (markt) > > + > > > > Switch to the web application class loader to the > > ParallelWebappClassLoader by default. (markt) > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org > > For additional commands, e-mail: dev-help@tomcat.apache.org > > > > > --001a11c17ad6c1e091052cfe419b--