This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push: new 1f31cf1 Remove fragment from RequestDispatcher target if (incorrectly) present 1f31cf1 is described below commit 1f31cf1e192ddd530cc1e5c0383f8fa1d35a3f40 Author: Mark Thomas <ma...@apache.org> AuthorDate: Fri May 31 20:30:08 2019 +0100 Remove fragment from RequestDispatcher target if (incorrectly) present --- .../catalina/connector/LocalStrings.properties | 1 + java/org/apache/catalina/connector/Request.java | 12 ++++++-- .../catalina/core/ApplicationHttpRequest.java | 36 ++++++++++++++++------ .../apache/catalina/core/LocalStrings.properties | 2 ++ webapps/docs/changelog.xml | 5 +++ 5 files changed, 45 insertions(+), 11 deletions(-) diff --git a/java/org/apache/catalina/connector/LocalStrings.properties b/java/org/apache/catalina/connector/LocalStrings.properties index bb018d9..ad14b81 100644 --- a/java/org/apache/catalina/connector/LocalStrings.properties +++ b/java/org/apache/catalina/connector/LocalStrings.properties @@ -80,6 +80,7 @@ inputBuffer.streamClosed=Stream closed outputBuffer.writeNull=The String argument to write(String,int,int) may not be null request.asyncNotSupported=A filter or servlet of the current chain does not support asynchronous operations. +request.fragmentInDispatchPath=The fragment in dispatch path [{0}] has been removed request.illegalWrap=The request wrapper must wrap the request obtained from getRequest() request.notAsync=It is illegal to call this method if the current request is not in asynchronous mode (i.e. isAsyncStarted() returns false) diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java index ec38789..8a4a459 100644 --- a/java/org/apache/catalina/connector/Request.java +++ b/java/org/apache/catalina/connector/Request.java 
@@ -1371,10 +1371,18 @@ public class Request implements HttpServletRequest { return null; } - // If the path is already context-relative, just pass it through if (path == null) { return null; - } else if (path.startsWith("/")) { + } + + int fragmentPos = path.indexOf('#'); + if (fragmentPos > -1) { + log.warn(sm.getString("request.fragmentInDispatchPath", path)); + path = path.substring(0, fragmentPos); + } + + // If the path is already context-relative, just pass it through + if (path.startsWith("/")) { return context.getServletContext().getRequestDispatcher(path); } diff --git a/java/org/apache/catalina/core/ApplicationHttpRequest.java b/java/org/apache/catalina/core/ApplicationHttpRequest.java index fc3a1d6..e049e83 100644 --- a/java/org/apache/catalina/core/ApplicationHttpRequest.java +++ b/java/org/apache/catalina/core/ApplicationHttpRequest.java @@ -48,9 +48,11 @@ import org.apache.catalina.Session; import org.apache.catalina.connector.RequestFacade; import org.apache.catalina.util.ParameterMap; import org.apache.catalina.util.RequestUtil; +import org.apache.catalina.util.URLEncoder; import org.apache.tomcat.util.buf.B2CConverter; import org.apache.tomcat.util.buf.MessageBytes; import org.apache.tomcat.util.http.Parameters; +import org.apache.tomcat.util.res.StringManager; /** @@ -70,9 +72,7 @@ import org.apache.tomcat.util.http.Parameters; */ class ApplicationHttpRequest extends HttpServletRequestWrapper { - - // ------------------------------------------------------- Static Variables - + private static final StringManager sm = StringManager.getManager(ApplicationHttpRequest.class); /** * The set of attribute names that are special for request dispatchers. 
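Review bot: The new `log.warn(sm.getString("request.fragmentInDispatchPath", path))` writes the dispatch path to the log verbatim, and the same applies to the `context.getLogger().warn(...)` call in the ApplicationHttpRequest hunk at `@@ -321,11 +321,20 @@`. If an application derives the dispatch target from request data (not visible here), each such request produces a WARN line containing caller-influenced text, so the log layout should escape control characters and operators may want to rate-limit or alert on this message. Both methods then pass the truncated path to `context.getServletContext().getRequestDispatcher(...)`, which this diff does not change; if that method does not strip fragments itself, applications calling it directly keep the old behaviour, and normalising at that shared point would cover every entry point. A comment above the new block, e.g. `// A fragment is never valid in a dispatch target; strip it and warn because this is an application error`, would record the intent. The enclosing method starts and ends outside the hunk.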
@@ -321,11 +321,20 @@ class ApplicationHttpRequest extends HttpServletRequestWrapper { if (context == null) return null; - // If the path is already context-relative, just pass it through - if (path == null) + if (path == null) { return null; - else if (path.startsWith("/")) + } + + int fragmentPos = path.indexOf('#'); + if (fragmentPos > -1) { + context.getLogger().warn(sm.getString("applicationHttpRequest.fragmentInDispatchPath", path)); + path = path.substring(0, fragmentPos); + } + + // If the path is already context-relative, just pass it through + if (path.startsWith("/")) { return context.getServletContext().getRequestDispatcher(path); + } // Convert a request-relative path to a context-relative one String servletPath = @@ -345,10 +354,19 @@ class ApplicationHttpRequest extends HttpServletRequestWrapper { int pos = requestPath.lastIndexOf('/'); String relative = null; - if (pos >= 0) { - relative = requestPath.substring(0, pos + 1) + path; + if (context.getDispatchersUseEncodedPaths()) { + if (pos >= 0) { + relative = URLEncoder.DEFAULT.encode( + requestPath.substring(0, pos + 1), StandardCharsets.UTF_8) + path; + } else { + relative = URLEncoder.DEFAULT.encode(requestPath, StandardCharsets.UTF_8) + path; + } } else { - relative = requestPath + path; + if (pos >= 0) { + relative = requestPath.substring(0, pos + 1) + path; + } else { + relative = requestPath + path; + } } return context.getServletContext().getRequestDispatcher(relative); diff --git a/java/org/apache/catalina/core/LocalStrings.properties b/java/org/apache/catalina/core/LocalStrings.properties index 1126de6..6a01297 100644 --- a/java/org/apache/catalina/core/LocalStrings.properties +++ b/java/org/apache/catalina/core/LocalStrings.properties 
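Review bot: The `path.indexOf('#')` truncation in the `@@ -321,11 +321,20 @@` hunk runs before, and independently of, the `context.getDispatchersUseEncodedPaths()` check that the following hunk introduces. When that setting is false the caller's path is presumably in decoded form, where a `#` may be a literal character of a resource name (decoded from `%23`) rather than a fragment delimiter, so the target actually dispatched to can differ from the path the application validated beforehand. Consider applying the strip only when encoded paths are in use, or at least recording the decision next to the block with something like `// NOTE: '#' is treated as a fragment delimiter even when dispatch paths are not encoded`. The same question applies to the Request.java hunk, and the method starts and ends outside this hunk.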
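Review bot: The four-way branch in the `@@ -345,10 +354,19 @@` hunk repeats the `pos >= 0` split in both arms; computing the prefix once with `String base = (pos >= 0) ? requestPath.substring(0, pos + 1) : requestPath;` and encoding it only when `context.getDispatchersUseEncodedPaths()` is true would leave a single concatenation with `path`. The encoded-path handling is not mentioned in the commit message or the changelog entry, which describe only fragment removal, so a short comment explaining why `requestPath` is re-encoded before being joined with the caller-supplied `path` would help the next reader judge whether the two halves are in the same form. `StandardCharsets` is used here but is not among the imports this diff adds; presumably the file already imports it. The method starts outside the hunk.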
@@ -58,6 +58,8 @@ applicationFilterConfig.release=Failed to destroy the filter named [{0}] of type applicationFilterRegistration.nullInitParam=Unable to set initialisation parameter for filter due to null name and/or value. Name [{0}], Value [{1}] applicationFilterRegistration.nullInitParams=Unable to set initialisation parameters for filter due to null name and/or value. Name [{0}], Value [{1}] +applicationHttpRequest.fragmentInDispatchPath=The fragment in dispatch path [{0}] has been removed + applicationPushBuilder.methodInvalid=The HTTP method for a push request must be both cacheable and safe but [{0}] is not applicationPushBuilder.methodNotToken=HTTP methods must be tokens but [{0}] contains a non-token character diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index f5e63cd..7701241 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -91,6 +91,11 @@ before removal of the child from the internal child collection. (remm) </scode> + <add> + Remove any fragment included in the target path used to obtain a + <code>RequestDispatcher</code>. The requested target path is logged as a + warning since this is an application error. (markt) + </add> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org