This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 93d471e Ensure URL patterns provided via web.xml are %nn decoded
consistently
93d471e is described below
commit 93d471e95d83ba8c86fd2909e1ecefac1680c939
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Mar 16 14:46:50 2020 +0000
Ensure URL patterns provided via web.xml are %nn decoded consistently
Use the encoding of the web.xml file where specified and UTF-8 where no
explicit encoding is specified.
---
.../tomcat/util/descriptor/web/ErrorPage.java | 8 ++--
.../tomcat/util/descriptor/web/FilterMap.java | 2 +-
.../tomcat/util/descriptor/web/LoginConfig.java | 9 ++---
.../util/descriptor/web/SecurityCollection.java | 2 +-
.../util/descriptor/web/SecurityConstraint.java | 10 +++++
.../apache/tomcat/util/descriptor/web/WebXml.java | 3 ++
.../tomcat/util/descriptor/web/TestWebXml.java | 43 ++++++++++++++++++++++
webapps/docs/changelog.xml | 9 +++++
8 files changed, 75 insertions(+), 11 deletions(-)
diff --git a/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java
b/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java
index f55dc5a..bf0920d 100644
--- a/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java
+++ b/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java
@@ -27,12 +27,12 @@ import org.apache.tomcat.util.buf.UDecoder;
*
* @author Craig R. McClanahan
*/
-public class ErrorPage implements Serializable {
+public class ErrorPage extends XmlEncodingBase implements Serializable {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 2L;
- // ----------------------------------------------------- Instance Variables
+ // ----------------------------------------------------- Instance Variables
/**
* The error (status) code for which this error page is active. Note that
@@ -125,7 +125,7 @@ public class ErrorPage implements Serializable {
// if ((location == null) || !location.startsWith("/"))
// throw new IllegalArgumentException
// ("Error Page Location must start with a '/'");
- this.location = UDecoder.URLDecode(location);
+ this.location = UDecoder.URLDecode(location, getCharset());
}
diff --git a/java/org/apache/tomcat/util/descriptor/web/FilterMap.java
b/java/org/apache/tomcat/util/descriptor/web/FilterMap.java
index 868ef66..b78b975 100644
--- a/java/org/apache/tomcat/util/descriptor/web/FilterMap.java
+++ b/java/org/apache/tomcat/util/descriptor/web/FilterMap.java
@@ -136,7 +136,7 @@ public class FilterMap extends XmlEncodingBase implements
Serializable {
} else {
String[] results = new String[urlPatterns.length + 1];
System.arraycopy(urlPatterns, 0, results, 0, urlPatterns.length);
- results[urlPatterns.length] = UDecoder.URLDecode(urlPattern);
+ results[urlPatterns.length] = UDecoder.URLDecode(urlPattern,
getCharset());
urlPatterns = results;
}
}
diff --git a/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
b/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
index e1c6952..053eb80 100644
--- a/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
+++ b/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
@@ -27,15 +27,14 @@ import org.apache.tomcat.util.buf.UDecoder;
*
* @author Craig R. McClanahan
*/
-public class LoginConfig implements Serializable {
+public class LoginConfig extends XmlEncodingBase implements Serializable {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 2L;
// ----------------------------------------------------------- Constructors
-
/**
* Construct a new LoginConfig with default properties.
*/
@@ -97,7 +96,7 @@ public class LoginConfig implements Serializable {
// if ((errorPage == null) || !errorPage.startsWith("/"))
// throw new IllegalArgumentException
// ("Error Page resource path must start with a '/'");
- this.errorPage = UDecoder.URLDecode(errorPage);
+ this.errorPage = UDecoder.URLDecode(errorPage, getCharset());
}
@@ -114,7 +113,7 @@ public class LoginConfig implements Serializable {
// if ((loginPage == null) || !loginPage.startsWith("/"))
// throw new IllegalArgumentException
// ("Login Page resource path must start with a '/'");
- this.loginPage = UDecoder.URLDecode(loginPage);
+ this.loginPage = UDecoder.URLDecode(loginPage, getCharset());
}
diff --git a/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java
b/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java
index 9130eb8..4a0dae5 100644
--- a/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java
+++ b/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java
@@ -206,7 +206,7 @@ public class SecurityCollection extends XmlEncodingBase
implements Serializable
if (pattern == null)
return;
- String decodedPattern = UDecoder.URLDecode(pattern);
+ String decodedPattern = UDecoder.URLDecode(pattern, getCharset());
String[] results = Arrays.copyOf(patterns, patterns.length + 1);
results[patterns.length] = decodedPattern;
patterns = results;
diff --git a/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
b/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
index 3cb06da..101a29f 100644
--- a/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
+++ b/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
@@ -17,6 +17,7 @@
package org.apache.tomcat.util.descriptor.web;
import java.io.Serializable;
+import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -265,6 +266,15 @@ public class SecurityConstraint extends XmlEncodingBase
implements Serializable
}
+ @Override
+ public void setCharset(Charset charset) {
+ super.setCharset(charset);
+ for (SecurityCollection collection : collections) {
+ collection.setCharset(getCharset());
+ }
+ }
+
+
/**
* Add a new web resource collection to those protected by this
* security constraint.
diff --git a/java/org/apache/tomcat/util/descriptor/web/WebXml.java
b/java/org/apache/tomcat/util/descriptor/web/WebXml.java
index 763ee88..814c1d3 100644
--- a/java/org/apache/tomcat/util/descriptor/web/WebXml.java
+++ b/java/org/apache/tomcat/util/descriptor/web/WebXml.java
@@ -296,6 +296,7 @@ public class WebXml extends XmlEncodingBase implements
DocumentProperties.Charse
private final Set<FilterMap> filterMaps = new LinkedHashSet<>();
private final Set<String> filterMappingNames = new HashSet<>();
public void addFilterMapping(FilterMap filterMap) {
+ filterMap.setCharset(getCharset());
filterMaps.add(filterMap);
filterMappingNames.add(filterMap.getFilterName());
}
@@ -397,6 +398,7 @@ public class WebXml extends XmlEncodingBase implements
DocumentProperties.Charse
// error-page
private final Map<String,ErrorPage> errorPages = new HashMap<>();
public void addErrorPage(ErrorPage errorPage) {
+ errorPage.setCharset(getCharset());
errorPages.put(errorPage.getName(), errorPage);
}
public Map<String,ErrorPage> getErrorPages() { return errorPages; }
@@ -440,6 +442,7 @@ public class WebXml extends XmlEncodingBase implements
DocumentProperties.Charse
// Digester will check there is only one of these
private LoginConfig loginConfig = null;
public void setLoginConfig(LoginConfig loginConfig) {
+ loginConfig.setCharset(getCharset());
this.loginConfig = loginConfig;
}
public LoginConfig getLoginConfig() { return loginConfig; }
diff --git a/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java
b/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java
index 29ddc24..2c0195e 100644
--- a/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java
+++ b/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java
@@ -19,6 +19,8 @@ package org.apache.tomcat.util.descriptor.web;
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
+import java.nio.charset.StandardCharsets;
+import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
@@ -486,4 +488,45 @@ public class TestWebXml {
webxml.merge(fragments);
}
+
+
+ @Test
+ public void testEncoding() {
+ WebXml webXml = new WebXml();
+ webXml.setCharset(StandardCharsets.ISO_8859_1);
+
+ webXml.addErrorPage(new ErrorPage());
+ Collection<ErrorPage> errorPages = webXml.getErrorPages().values();
+ for (ErrorPage errorPage : errorPages) {
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
errorPage.getCharset());
+ }
+
+ webXml.addFilterMapping(new FilterMap());
+ Set<FilterMap> filterMaps = webXml.getFilterMappings();
+ for (FilterMap filterMap : filterMaps) {
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
filterMap.getCharset());
+ }
+
+ webXml.addJspPropertyGroup(new JspPropertyGroup());
+ Set<JspPropertyGroup> jspPropertyGroups =
webXml.getJspPropertyGroups();
+ for (JspPropertyGroup jspPropertyGroup : jspPropertyGroups) {
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
jspPropertyGroup.getCharset());
+ }
+
+ webXml.setLoginConfig(new LoginConfig());
+ LoginConfig loginConfig = webXml.getLoginConfig();
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
loginConfig.getCharset());
+
+ SecurityConstraint constraint = new SecurityConstraint();
+ constraint.addCollection(new SecurityCollection());
+ webXml.addSecurityConstraint(constraint);
+ Set<SecurityConstraint> securityConstraints =
webXml.getSecurityConstraints();
+ for (SecurityConstraint securityConstraint : securityConstraints) {
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
securityConstraint.getCharset());
+ for (SecurityCollection securityCollection :
securityConstraint.findCollections()) {
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
securityCollection.getCharset());
+ }
+ }
+
+ }
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 92114c6..69ffa99 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -45,6 +45,15 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 10.0.0-M4 (markt)" rtext="in development">
+ <subsection name="Catalina">
+ <changelog>
+ <fix>
+ Ensure all URL patterns provided via web.xml are %nn decoded
+ consistently using the encoding of the web.xml file where specified and
+ UTF-8 where no explicit encoding is specified. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Coyote">
<changelog>
<fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
