William A. Rowe, Jr. wrote:

Guys, let me clarify, you are only paying attention to ';' following the
QUERY_STRING delimiter '?', correct?

';' means nothing special before the '?', double check your interpretation of RFC 2616. I can have /foo.bar;bash?v1=a;v2=b (or ...?v1=a&v2=b) and that
semi is part of the foo.bar;bash filename.  Right?

Then what I have just committed is not right...

But in mod_jk the behaviour without the patch is weird.
Try:
JkMount /*.jsp worker1
And a URL like http://localhost/;jsp-examples/jsp2/;simpletag/;hello.jsp
without the patches.

Cheers

Jean-Frederic


Bill


Jean-frederic Clere wrote:

I will also add the ";" path parameter stripping to mod_jk.

Cheers

Jean-Frederic

[EMAIL PROTECTED] wrote:

Author: remm
Date: Thu Jul 20 09:01:41 2006
New Revision: 423967

URL: http://svn.apache.org/viewvc?rev=423967&view=rev
Log:
- Changes to session id parsing so that it is done (as well as ";" path parameter stripping) before
 decoding, making it possible to %xx encode ";" in the URL.
- This can probably be backported to 5.5.x.

Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java

Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=423967&r1=423966&r2=423967&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java Thu Jul 20 09:01:41 2006
@@ -293,11 +293,21 @@
            req.serverName().setString(proxyName);
        }

+        // Parse session Id
+        parseSessionId(req, request);
+
        // URI decoding
        MessageBytes decodedURI = req.decodedURI();
        decodedURI.duplicate(req.requestURI());

        if (decodedURI.getType() == MessageBytes.T_BYTES) {
+            // Remove any path parameters
+            ByteChunk uriBB = decodedURI.getByteChunk();
+            int semicolon = uriBB.indexOf(';', 0);
+            if (semicolon > 0) {
+                decodedURI.setBytes
+                    (uriBB.getBuffer(), uriBB.getStart(), semicolon);
+            }
            // %xx decoding of the URL
            try {
                req.getURLDecoder().convert(decodedURI, false);
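
Review bot: uriBB.indexOf(';', 0) followed by setBytes(..., semicolon) cuts the URI at the first ';', so every later path segment is dropped together with the parameters; for the URL quoted earlier in this thread, /;jsp-examples/jsp2/;simpletag/;hello.jsp, decodedURI would be cut down to "/". Path parameters belong to a single segment, so consider removing from each ';' up to the next '/' instead of truncating, or say in the comment that truncation at the first ';' is intended.
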
@@ -319,6 +329,13 @@
// protocol handler, we have to assume the URL has been properly
            // decoded already
            decodedURI.toChars();
+            // Remove any path parameters
+            CharChunk uriCC = decodedURI.getCharChunk();
+            int semicolon = uriCC.indexOf(';');
+            if (semicolon > 0) {
+                decodedURI.setChars
+                    (uriCC.getBuffer(), uriCC.getStart(), semicolon);
+            }
        }

        // Set the remote principal
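
Review bot: In the already-decoded branch, uriCC.indexOf(';') runs on characters that, per the comment just above it, the protocol handler has already decoded, so a ';' the client sent as %3B is treated as a parameter delimiter here even though the byte branch now strips before decoding. The log message's claim that ';' can be %xx-encoded therefore holds only for T_BYTES input; state that in the comment, or have the protocol handler strip parameters before it decodes. The block also duplicates the one added to the byte branch and could share a helper.
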
@@ -333,19 +350,6 @@
            request.setAuthType(authtype);
        }

-        // Parse session Id
-        parseSessionId(req, request);
-
- // Remove any remaining parameters (other than session id, which has - // already been removed in parseSessionId()) from the URI, so they
-        // won't be considered by the mapping algorithm.
-        CharChunk uriCC = decodedURI.getCharChunk();
-        int semicolon = uriCC.indexOf(';');
-        if (semicolon > 0) {
-            decodedURI.setChars
-                (uriCC.getBuffer(), uriCC.getStart(), semicolon);
-        }
-
        // Request mapping.
        MessageBytes serverName;
        if (connector.getUseIPVHosts()) {
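
Review bot: The comment removed here was the only place that said why parameters are stripped ("so they won't be considered by the mapping algorithm"); the two new blocks say only "Remove any path parameters". Carry the rationale over to the new location, and note next to the moved parseSessionId(req, request) call that it has to run before URI decoding because it now reads the undecoded request URI.
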
@@ -420,49 +424,35 @@
     */
protected void parseSessionId(org.apache.coyote.Request req, Request request) {

-        CharChunk uriCC = req.decodedURI().getCharChunk();
-        int semicolon = uriCC.indexOf(match, 0, match.length(), 0);
+        ByteChunk uriBC = req.requestURI().getByteChunk();
+        int semicolon = uriBC.indexOf(match, 0, match.length(), 0);

        if (semicolon > 0) {

// Parse session ID, and extract it from the decoded request URI
-            int start = uriCC.getStart();
-            int end = uriCC.getEnd();
+            int start = uriBC.getStart();
+            int end = uriBC.getEnd();

-            int sessionIdStart = start + semicolon + match.length();
-            int semicolon2 = uriCC.indexOf(';', sessionIdStart);
+            int sessionIdStart = semicolon + match.length();
+            int semicolon2 = uriBC.indexOf(';', sessionIdStart);
            if (semicolon2 >= 0) {
                request.setRequestedSessionId
- (new String(uriCC.getBuffer(), sessionIdStart, - semicolon2 - semicolon - match.length())); + (new String(uriBC.getBuffer(), start + sessionIdStart, + semicolon2 - sessionIdStart));
+                // Extract session ID from request URI
+                byte[] buf = uriBC.getBuffer();
+                for (int i = 0; i < end - start - semicolon2; i++) {
+ buf[start + semicolon + i] + = buf[start + i + semicolon2];
+                }
+ uriBC.setBytes(buf, start, end - start - semicolon2 + semicolon);
            } else {
                request.setRequestedSessionId
- (new String(uriCC.getBuffer(), sessionIdStart, - end - sessionIdStart));
-            }
-            request.setRequestedSessionURL(true);
-
-            // Extract session ID from request URI
-            ByteChunk uriBC = req.requestURI().getByteChunk();
-            start = uriBC.getStart();
-            end = uriBC.getEnd();
-            semicolon = uriBC.indexOf(match, 0, match.length(), 0);
-
-            if (semicolon > 0) {
-                sessionIdStart = start + semicolon;
-                semicolon2 = uriCC.indexOf
-                    (';', start + semicolon + match.length());
+ (new String(uriBC.getBuffer(), start + sessionIdStart, + (end - start) - sessionIdStart));
                uriBC.setEnd(start + semicolon);
-                byte[] buf = uriBC.getBuffer();
-                if (semicolon2 >= 0) {
- for (int i = 0; i < end - start - semicolon2; i++) { - buf[start + semicolon + i] - = buf[start + i + semicolon2];
-                    }
- uriBC.setBytes(buf, start, semicolon - + (end - start - semicolon2));
-                }
            }
+            request.setRequestedSessionURL(true);

        } else {
            request.setRequestedSessionId(null);
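
Review bot: Both new setRequestedSessionId(new String(uriBC.getBuffer(), start + sessionIdStart, ...)) calls build the session id from raw request bytes with the platform default charset and without %xx decoding, where the old code took it from the decoded CharChunk. Pass an explicit charset to new String, and state in the method comment whether a %xx-encoded session id is expected to match. The unchanged comment "extract it from the decoded request URI" is now stale, since the method reads req.requestURI(), and the byte-copy loop could be a single System.arraycopy call.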



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
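
Added example (not part of the original thread, and not Tomcat's code): a stand-alone Java program showing the ordering the commit log describes, where the session id and ";" path parameters are taken from the undecoded URI so that a %xx-encoded ";" survives as part of the file name. The class and method names, the ";jsessionid=" marker and the sample URI are assumptions made for this example.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;

public class PathParamOrder {
    // Session marker assumed for this example.
    static final String MATCH = ";jsessionid=";

    // Minimal %xx decoder for an ASCII request path (leaves '+' untouched).
    static String percentDecode(String s) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c != '%') { out.write(c); continue; }
            if (i + 2 >= s.length()) throw new IllegalArgumentException("truncated escape");
            int hi = Character.digit(s.charAt(i + 1), 16);
            int lo = Character.digit(s.charAt(i + 2), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("bad escape at " + i);
            out.write((hi << 4) | lo);
            i += 2;
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }

    // Cut at the first ';', as the patch does.
    static String stripParams(String uri) {
        int semicolon = uri.indexOf(';');
        return semicolon > 0 ? uri.substring(0, semicolon) : uri;
    }

    // Session id read from the undecoded URI; null when absent.
    static String sessionId(String raw) {
        int at = raw.indexOf(MATCH);
        if (at < 0) return null;
        int from = at + MATCH.length();
        int end = raw.indexOf(';', from);
        return raw.substring(from, end < 0 ? raw.length() : end);
    }

    public static void main(String[] args) {
        // Constructed sample: encoded ';' in the file name, then two path parameters.
        String raw = "/app/a%3Bb.jsp;jsessionid=ABC123;foo=bar";
        System.out.println("session id        : " + sessionId(raw));
        System.out.println("strip then decode : " + percentDecode(stripParams(raw)));
        System.out.println("decode then strip : " + stripParams(percentDecode(raw)));
    }
}
```

With the constructed input, stripping first keeps the file name a;b.jsp, while decoding first cuts the path at /app/a.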



