2016-03-01 15:57 GMT+01:00 Martin Grigorov <mgrigo...@apache.org>: > Hi Mark, > > On Tue, Mar 1, 2016 at 3:37 PM, <ma...@apache.org> wrote: > > > Author: markt > > Date: Tue Mar 1 14:37:46 2016 > > New Revision: 1733080 > > > > URL: http://svn.apache.org/viewvc?rev=1733080&view=rev > > Log: > > Expand the fix for BZ 59001 to cover the special sequences used in > > Tomcat's custom jar:war: URL > > > > Modified: > > tomcat/trunk/java/org/apache/tomcat/util/buf/UriUtil.java > > tomcat/trunk/webapps/docs/changelog.xml > > > > Modified: tomcat/trunk/java/org/apache/tomcat/util/buf/UriUtil.java > > URL: > > > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/buf/UriUtil.java?rev=1733080&r1=1733079&r2=1733080&view=diff > > > > > ============================================================================== > > --- tomcat/trunk/java/org/apache/tomcat/util/buf/UriUtil.java (original) > > +++ tomcat/trunk/java/org/apache/tomcat/util/buf/UriUtil.java Tue Mar 1 > > 14:37:46 2016 > > @@ -106,6 +106,9 @@ public final class UriUtil { > > private static String makeSafeForJarUrl(String input) { > > > > > > > // Since "!/" has a special meaning in a JAR URL, make sure that > > the > > // sequence is properly escaped if present. > > - return input.replaceAll("!/", "%21/"); > > + String tmp = input.replaceAll("!/", "%21/"); > > + // Tomcat's custom jar:war: URL handling treats */ and ^/ as > > special > > + tmp = tmp.replaceAll("^/", "%5e/"); > > + return tmp.replaceAll("\\*/", "%2a/"); > > > > How often this method is expected to be called? I guess at least once per > request. >
No, it's supposed to be an init "scan" method, not a once per request. OTOH, sometimes there are like thousands of jars, so if it's really that slow ... Rémy > > My concern is about the performance of String#replaceAll. It uses Regex and > is slower than custom solutions like > > https://github.com/apache/wicket/blob/ffa34c6bfbd2ccd8340e23ff1601edd3e0e941d6/wicket-util/src/main/java/org/apache/wicket/util/string/Strings.java#L748 > > When I don't have access to such util methods in the classpath then I > prefer to pre-compile the Pattern as a constant and just match on it: > e.g. PERCENT_21_PATTERN.matcher(input).replaceAll("%21/") > > Additionally I have the feeling that 'tmp.replaceAll("^/", "%5e/");' won't > behave as desired. I think it would match for any String that starts with a > slash because of '^'. You may need to Pattern.quote() it. > > > > } > > } > > > > Modified: tomcat/trunk/webapps/docs/changelog.xml > > URL: > > > http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1733080&r1=1733079&r2=1733080&view=diff > > > > > ============================================================================== > > --- tomcat/trunk/webapps/docs/changelog.xml (original) > > +++ tomcat/trunk/webapps/docs/changelog.xml Tue Mar 1 14:37:46 2016 > > @@ -107,6 +107,10 @@ > > <bug>59001</bug>: Correctly handle the case when Tomcat is > > installed on > > a path where one of the segments ends in an exclamation mark. > > (markt) > > </fix> > > + <fix> > > + Expand the fix for <bug>59001</bug> to cover the special > > sequences used > > + in Tomcat's custom jar:war: URLs. (markt) > > + </fix> > > <update> > > Switch to the web application class loader to the > > <code>ParallelWebappClassLoader</code> by default. (markt) > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: dev-h...@tomcat.apache.org > > > > >
