Author: markt
Date: Thu Aug 2 13:52:55 2018
New Revision: 1837300
URL: http://svn.apache.org/viewvc?rev=1837300&view=rev
Log:
Correctly decode URL paths. '+' should not be decoded to ' ' in the path
Modified:
tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java
tomcat/trunk/java/org/apache/catalina/loader/WebappLoader.java
tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java
tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
tomcat/trunk/test/org/apache/catalina/core/TestApplicationContextGetRequestDispatcher.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java?rev=1837300&r1=1837299&r2=1837300&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/core/ApplicationContext.java Thu Aug
2 13:52:55 2018
@@ -17,11 +17,9 @@
package org.apache.catalina.core;
import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
-import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
@@ -75,6 +73,7 @@ import org.apache.catalina.util.URLEncod
import org.apache.tomcat.util.ExceptionUtils;
import org.apache.tomcat.util.buf.CharChunk;
import org.apache.tomcat.util.buf.MessageBytes;
+import org.apache.tomcat.util.buf.UDecoder;
import org.apache.tomcat.util.descriptor.web.FilterDef;
import org.apache.tomcat.util.http.RequestUtil;
import org.apache.tomcat.util.res.StringManager;
@@ -425,13 +424,7 @@ public class ApplicationContext implemen
if (getContext().getDispatchersUseEncodedPaths()) {
// Decode
- String decodedPath;
- try {
- decodedPath = URLDecoder.decode(normalizedPath, "UTF-8");
- } catch (UnsupportedEncodingException e) {
- // Impossible
- return null;
- }
+ String decodedPath = UDecoder.URLDecode(normalizedPath);
// Security check to catch attempts to encode /../ sequences
normalizedPath = RequestUtil.normalize(decodedPath);
Modified: tomcat/trunk/java/org/apache/catalina/loader/WebappLoader.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/loader/WebappLoader.java?rev=1837300&r1=1837299&r2=1837300&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/loader/WebappLoader.java (original)
+++ tomcat/trunk/java/org/apache/catalina/loader/WebappLoader.java Thu Aug 2
13:52:55 2018
@@ -22,11 +22,9 @@ import java.beans.PropertyChangeSupport;
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
-import java.io.UnsupportedEncodingException;
import java.lang.reflect.Constructor;
import java.net.URL;
import java.net.URLClassLoader;
-import java.net.URLDecoder;
import javax.management.ObjectName;
import javax.servlet.ServletContext;
@@ -41,6 +39,7 @@ import org.apache.catalina.util.ToString
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.buf.UDecoder;
import org.apache.tomcat.util.modeler.Registry;
import org.apache.tomcat.util.res.StringManager;
@@ -602,9 +601,9 @@ public class WebappLoader extends Lifecy
for (int i = 0; i < repositories.length; i++) {
String repository = repositories[i].toString();
if (repository.startsWith("file://"))
- repository = utf8Decode(repository.substring(7));
+ repository =
UDecoder.URLDecode(repository.substring(7));
else if (repository.startsWith("file:"))
- repository = utf8Decode(repository.substring(5));
+ repository =
UDecoder.URLDecode(repository.substring(5));
else
continue;
if (repository == null)
@@ -631,16 +630,6 @@ public class WebappLoader extends Lifecy
return true;
}
- private String utf8Decode(String input) {
- String result = null;
- try {
- result = URLDecoder.decode(input, "UTF-8");
- } catch (UnsupportedEncodingException uee) {
- // Impossible. All JVMs are required to support UTF-8.
- }
- return result;
- }
-
private static final Log log = LogFactory.getLog(WebappLoader.class);
Modified: tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java?rev=1837300&r1=1837299&r2=1837300&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java
(original)
+++ tomcat/trunk/java/org/apache/jasper/compiler/JspRuntimeContext.java Thu Aug
2 13:52:55 2018
@@ -21,10 +21,9 @@ import java.io.File;
import java.io.FileNotFoundException;
import java.io.FilePermission;
import java.io.IOException;
-import java.io.UnsupportedEncodingException;
+import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
-import java.net.URLDecoder;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Policy;
@@ -425,10 +424,10 @@ public final class JspRuntimeContext {
try {
// Need to decode the URL, primarily to convert %20
// sequences back to spaces
- String decoded = URLDecoder.decode(urls[i].getPath(),
"UTF-8");
+ String decoded = urls[i].toURI().getPath();
cpath.append(decoded + File.pathSeparator);
- } catch (UnsupportedEncodingException e) {
- // All JREs are required to support UTF-8
+ } catch (URISyntaxException e) {
+
log.warn(Localizer.getMessage("jsp.warning.classpathUrl"), e);
}
}
}
Modified: tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties?rev=1837300&r1=1837299&r2=1837300&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
[UTF-8] (original)
+++ tomcat/trunk/java/org/apache/jasper/resources/LocalStrings.properties
[UTF-8] Thu Aug 2 13:52:55 2018
@@ -107,6 +107,7 @@ jsp.error.javac=Javac exception
jsp.error.javac.env=Environment:
jsp.error.compilation=Error compiling file: [{0}] [{1}]
jsp.error.undeclared_namespace=A custom tag was encountered with an undeclared
namespace [{0}]
+jsp.warning.classpathUrl=Invalid URL found in class path. This URL will be
ignored
jsp.warning.keepgen=Warning: Invalid value for the initParam keepgenerated.
Will use the default value of "false"
jsp.warning.xpoweredBy=Warning: Invalid value for the initParam xpoweredBy.
Will use the default value of "false"
jsp.warning.enablePooling=Warning: Invalid value for the initParam
enablePooling. Will use the default value of "true"
Modified:
tomcat/trunk/test/org/apache/catalina/core/TestApplicationContextGetRequestDispatcher.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/core/TestApplicationContextGetRequestDispatcher.java?rev=1837300&r1=1837299&r2=1837300&view=diff
==============================================================================
---
tomcat/trunk/test/org/apache/catalina/core/TestApplicationContextGetRequestDispatcher.java
(original)
+++
tomcat/trunk/test/org/apache/catalina/core/TestApplicationContextGetRequestDispatcher.java
Thu Aug 2 13:52:55 2018
@@ -353,6 +353,20 @@ public class TestApplicationContextGetRe
}
+ @Test
+ public void testGetRequestDispatcher47() throws Exception {
+ doTestGetRequestDispatcher(true, "/prefix/start", null, "aa+bb",
+ "/prefix/aa+bb", TargetServlet.OK);
+ }
+
+
+ @Test
+ public void testGetRequestDispatcher48() throws Exception {
+ doTestGetRequestDispatcher(false, "/prefix/start", null, "aa+bb",
+ "/prefix/aa+bb", TargetServlet.OK);
+ }
+
+
private void doTestGetRequestDispatcher(boolean useEncodedDispatchPaths,
String startPath,
String startQueryString, String dispatchPath, String targetPath,
String expectedBody)
throws Exception {
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1837300&r1=1837299&r2=1837300&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Aug 2 13:52:55 2018
@@ -77,6 +77,11 @@
Use this new class when reporting multiple container (e.g. web
application) failures during start. (markt)
</add>
+ <fix>
+ Correctly decode URL paths (<code>+</code> should not be decoded to a
+ space in the path) in the <code>RequestDispatcher</code> and the web
+ application class loader. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
@@ -131,6 +136,10 @@
Generally, using an explicit scope with tag attributes in EL is the
best
way to avoid various potential performance issues. (markt)
</add>
+ <fix>
+ Correctly decode URL paths (<code>+</code> should not be decoded to a
+ space in the path) in the Jasper class loader. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Web applications">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
