Hi Remy,

Can you do that backport, please? :-)
Peter.



Am 20.07.2006 um 18:01 schrieb [EMAIL PROTECTED]:

Author: remm
Date: Thu Jul 20 09:01:41 2006
New Revision: 423967

URL: http://svn.apache.org/viewvc?rev=423967&view=rev
Log:
- Changes to session id parsing so that it is done (as well as ";" path parameter stripping) before
  decoding, making it possible to %xx encode ";" in the URL.
- This can probably be backported to 5.5.x.

Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/ CoyoteAdapter.java

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/ CoyoteAdapter.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/ apache/catalina/connector/CoyoteAdapter.java? rev=423967&r1=423966&r2=423967&view=diff
====================================================================== ========
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/ CoyoteAdapter.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/ CoyoteAdapter.java Thu Jul 20 09:01:41 2006
@@ -293,11 +293,21 @@
             req.serverName().setString(proxyName);
         }

+        // Parse session Id
+        parseSessionId(req, request);
+
         // URI decoding
         MessageBytes decodedURI = req.decodedURI();
         decodedURI.duplicate(req.requestURI());

         if (decodedURI.getType() == MessageBytes.T_BYTES) {
+            // Remove any path parameters
+            ByteChunk uriBB = decodedURI.getByteChunk();
+            int semicolon = uriBB.indexOf(';', 0);
+            if (semicolon > 0) {
+                decodedURI.setBytes
+                    (uriBB.getBuffer(), uriBB.getStart(), semicolon);
+            }
             // %xx decoding of the URL
             try {
                 req.getURLDecoder().convert(decodedURI, false);
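Review bot: The new stripping in the T_BYTES branch cuts the URI at the first `;`, so every path segment after it is discarded, not only the parameter itself. For a request URI such as `/a;x=1/b`, `decodedURI` becomes `/a` while `req.requestURI()` still carries the longer path; presumably request mapping and any constraint matching run on `decodedURI`, so the two views of the same request can disagree. Consider removing parameters per segment (from each `;` up to the next `/`), or at least state the behaviour with a comment such as `// NOTE: truncates at the first ';' - later path segments are dropped`. After `convert()` an encoded `%3B` is a literal `;` in `decodedURI`, so later code must not treat `;` there as a delimiter. The enclosing method starts and ends outside this hunk.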
@@ -319,6 +329,13 @@
// protocol handler, we have to assume the URL has been properly
             // decoded already
             decodedURI.toChars();
+            // Remove any path parameters
+            CharChunk uriCC = decodedURI.getCharChunk();
+            int semicolon = uriCC.indexOf(';');
+            if (semicolon > 0) {
+                decodedURI.setChars
+                    (uriCC.getBuffer(), uriCC.getStart(), semicolon);
+            }
         }

         // Set the remote principal
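Review bot: In this else branch the URI is, per the comment just above, assumed to be already decoded by the protocol handler, so `uriCC.indexOf(';')` cannot tell a real parameter delimiter from a `;` that arrived as `%3B`. The commit's stated goal of allowing an encoded `;` in the URL therefore holds only on the T_BYTES path, and the two paths can resolve the same request to different mapped paths. I would document that here, e.g. `// already decoded: a ';' that was sent as %3B is indistinguishable and is stripped too`. The strip logic is now duplicated in both branches, so a single private helper would keep them in step. The enclosing method continues outside the hunk.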
@@ -333,19 +350,6 @@
             request.setAuthType(authtype);
         }

-        // Parse session Id
-        parseSessionId(req, request);
-
- // Remove any remaining parameters (other than session id, which has
- // already been removed in parseSessionId()) from the URI, so they
-        // won't be considered by the mapping algorithm.
-        CharChunk uriCC = decodedURI.getCharChunk();
-        int semicolon = uriCC.indexOf(';');
-        if (semicolon > 0) {
-            decodedURI.setChars
-                (uriCC.getBuffer(), uriCC.getStart(), semicolon);
-        }
-
         // Request mapping.
         MessageBytes serverName;
         if (connector.getUseIPVHosts()) {
@@ -420,49 +424,35 @@
      */
protected void parseSessionId(org.apache.coyote.Request req, Request request) {

-        CharChunk uriCC = req.decodedURI().getCharChunk();
-        int semicolon = uriCC.indexOf(match, 0, match.length(), 0);
+        ByteChunk uriBC = req.requestURI().getByteChunk();
+        int semicolon = uriBC.indexOf(match, 0, match.length(), 0);

         if (semicolon > 0) {

// Parse session ID, and extract it from the decoded request URI
-            int start = uriCC.getStart();
-            int end = uriCC.getEnd();
+            int start = uriBC.getStart();
+            int end = uriBC.getEnd();

-            int sessionIdStart = start + semicolon + match.length();
-            int semicolon2 = uriCC.indexOf(';', sessionIdStart);
+            int sessionIdStart = semicolon + match.length();
+            int semicolon2 = uriBC.indexOf(';', sessionIdStart);
             if (semicolon2 >= 0) {
                 request.setRequestedSessionId
-                    (new String(uriCC.getBuffer(), sessionIdStart,
- semicolon2 - semicolon - match.length()));
+ (new String(uriBC.getBuffer(), start + sessionIdStart,
+                            semicolon2 - sessionIdStart));
+                // Extract session ID from request URI
+                byte[] buf = uriBC.getBuffer();
+                for (int i = 0; i < end - start - semicolon2; i++) {
+                    buf[start + semicolon + i]
+                        = buf[start + i + semicolon2];
+                }
+ uriBC.setBytes(buf, start, end - start - semicolon2 + semicolon);
             } else {
                 request.setRequestedSessionId
-                    (new String(uriCC.getBuffer(), sessionIdStart,
-                                end - sessionIdStart));
-            }
-            request.setRequestedSessionURL(true);
-
-            // Extract session ID from request URI
-            ByteChunk uriBC = req.requestURI().getByteChunk();
-            start = uriBC.getStart();
-            end = uriBC.getEnd();
-            semicolon = uriBC.indexOf(match, 0, match.length(), 0);
-
-            if (semicolon > 0) {
-                sessionIdStart = start + semicolon;
-                semicolon2 = uriCC.indexOf
-                    (';', start + semicolon + match.length());
+ (new String(uriBC.getBuffer(), start + sessionIdStart,
+                            (end - start) - sessionIdStart));
                 uriBC.setEnd(start + semicolon);
-                byte[] buf = uriBC.getBuffer();
-                if (semicolon2 >= 0) {
- for (int i = 0; i < end - start - semicolon2; i ++) {
-                        buf[start + semicolon + i]
-                            = buf[start + i + semicolon2];
-                    }
-                    uriBC.setBytes(buf, start, semicolon
-                                   + (end - start - semicolon2));
-                }
             }
+            request.setRequestedSessionURL(true);

         } else {
             request.setRequestedSessionId(null);
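Review bot: Both `new String(uriBC.getBuffer(), ...)` calls in `parseSessionId` now build the requested session id from raw, undecoded request bytes using the platform default charset, so the resulting id depends on JVM configuration and any `%xx` sequence in it stays literal. Name the charset explicitly, e.g. `new String(uriBC.getBuffer(), start + sessionIdStart, semicolon2 - sessionIdStart, "ISO-8859-1")`, handling the checked exception. The value is client-supplied, so it would also be worth rejecting an empty id here, which the else branch produces when the URI ends in the match string. The context comment `// Parse session ID, and extract it from the decoded request URI` is stale, since the code now reads `req.requestURI()`; it should say `undecoded request URI`. The end of the method lies outside the hunk.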


