This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 550af3c Ensure URL patterns provided via web.xml are %nn decoded
consistently
550af3c is described below
commit 550af3c7d6f3b278a41bc14244fddac20b67d77b
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Mar 16 14:46:50 2020 +0000
Ensure URL patterns provided via web.xml are %nn decoded consistently
Use the encoding of the web.xml file where specified and UTF-8 where no
explicit encoding is specified.
---
.../tomcat/util/descriptor/web/ErrorPage.java | 8 ++--
.../tomcat/util/descriptor/web/FilterMap.java | 2 +-
.../tomcat/util/descriptor/web/LoginConfig.java | 9 ++---
.../util/descriptor/web/SecurityCollection.java | 8 ++--
.../util/descriptor/web/SecurityConstraint.java | 10 +++++
.../apache/tomcat/util/descriptor/web/WebXml.java | 3 ++
.../tomcat/util/descriptor/web/TestWebXml.java | 43 ++++++++++++++++++++++
webapps/docs/changelog.xml | 9 +++++
8 files changed, 77 insertions(+), 15 deletions(-)
diff --git a/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java
b/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java
index f55dc5a..bf0920d 100644
--- a/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java
+++ b/java/org/apache/tomcat/util/descriptor/web/ErrorPage.java
@@ -27,12 +27,12 @@ import org.apache.tomcat.util.buf.UDecoder;
*
* @author Craig R. McClanahan
*/
-public class ErrorPage implements Serializable {
+public class ErrorPage extends XmlEncodingBase implements Serializable {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 2L;
- // ----------------------------------------------------- Instance Variables
+ // ----------------------------------------------------- Instance Variables
/**
* The error (status) code for which this error page is active. Note that
@@ -125,7 +125,7 @@ public class ErrorPage implements Serializable {
// if ((location == null) || !location.startsWith("/"))
// throw new IllegalArgumentException
// ("Error Page Location must start with a '/'");
- this.location = UDecoder.URLDecode(location);
+ this.location = UDecoder.URLDecode(location, getCharset());
}
diff --git a/java/org/apache/tomcat/util/descriptor/web/FilterMap.java
b/java/org/apache/tomcat/util/descriptor/web/FilterMap.java
index 5ece6a0..a8d6b89 100644
--- a/java/org/apache/tomcat/util/descriptor/web/FilterMap.java
+++ b/java/org/apache/tomcat/util/descriptor/web/FilterMap.java
@@ -135,7 +135,7 @@ public class FilterMap extends XmlEncodingBase implements
Serializable {
} else {
String[] results = new String[urlPatterns.length + 1];
System.arraycopy(urlPatterns, 0, results, 0, urlPatterns.length);
- results[urlPatterns.length] = UDecoder.URLDecode(urlPattern);
+ results[urlPatterns.length] = UDecoder.URLDecode(urlPattern,
getCharset());
urlPatterns = results;
}
}
diff --git a/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
b/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
index e1c6952..053eb80 100644
--- a/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
+++ b/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
@@ -27,15 +27,14 @@ import org.apache.tomcat.util.buf.UDecoder;
*
* @author Craig R. McClanahan
*/
-public class LoginConfig implements Serializable {
+public class LoginConfig extends XmlEncodingBase implements Serializable {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 2L;
// ----------------------------------------------------------- Constructors
-
/**
* Construct a new LoginConfig with default properties.
*/
@@ -97,7 +96,7 @@ public class LoginConfig implements Serializable {
// if ((errorPage == null) || !errorPage.startsWith("/"))
// throw new IllegalArgumentException
// ("Error Page resource path must start with a '/'");
- this.errorPage = UDecoder.URLDecode(errorPage);
+ this.errorPage = UDecoder.URLDecode(errorPage, getCharset());
}
@@ -114,7 +113,7 @@ public class LoginConfig implements Serializable {
// if ((loginPage == null) || !loginPage.startsWith("/"))
// throw new IllegalArgumentException
// ("Login Page resource path must start with a '/'");
- this.loginPage = UDecoder.URLDecode(loginPage);
+ this.loginPage = UDecoder.URLDecode(loginPage, getCharset());
}
diff --git a/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java
b/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java
index 45951bd..73b7a68 100644
--- a/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java
+++ b/java/org/apache/tomcat/util/descriptor/web/SecurityCollection.java
@@ -18,6 +18,7 @@ package org.apache.tomcat.util.descriptor.web;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
import org.apache.tomcat.util.buf.UDecoder;
@@ -209,11 +210,8 @@ public class SecurityCollection extends XmlEncodingBase
implements Serializable
if (pattern == null)
return;
- String decodedPattern = UDecoder.URLDecode(pattern);
- String results[] = new String[patterns.length + 1];
- for (int i = 0; i < patterns.length; i++) {
- results[i] = patterns[i];
- }
+ String decodedPattern = UDecoder.URLDecode(pattern, getCharset());
+ String[] results = Arrays.copyOf(patterns, patterns.length + 1);
results[patterns.length] = decodedPattern;
patterns = results;
}
diff --git a/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
b/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
index fc6b41c..08ec6d1 100644
--- a/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
+++ b/java/org/apache/tomcat/util/descriptor/web/SecurityConstraint.java
@@ -17,6 +17,7 @@
package org.apache.tomcat.util.descriptor.web;
import java.io.Serializable;
+import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -269,6 +270,15 @@ public class SecurityConstraint extends XmlEncodingBase
implements Serializable
}
+ @Override
+ public void setCharset(Charset charset) {
+ super.setCharset(charset);
+ for (SecurityCollection collection : collections) {
+ collection.setCharset(getCharset());
+ }
+ }
+
+
/**
* Add a new web resource collection to those protected by this
* security constraint.
diff --git a/java/org/apache/tomcat/util/descriptor/web/WebXml.java
b/java/org/apache/tomcat/util/descriptor/web/WebXml.java
index 42d1d75..eaae0e0 100644
--- a/java/org/apache/tomcat/util/descriptor/web/WebXml.java
+++ b/java/org/apache/tomcat/util/descriptor/web/WebXml.java
@@ -293,6 +293,7 @@ public class WebXml extends XmlEncodingBase implements
DocumentProperties.Encodi
private final Set<FilterMap> filterMaps = new LinkedHashSet<>();
private final Set<String> filterMappingNames = new HashSet<>();
public void addFilterMapping(FilterMap filterMap) {
+ filterMap.setCharset(getCharset());
filterMaps.add(filterMap);
filterMappingNames.add(filterMap.getFilterName());
}
@@ -394,6 +395,7 @@ public class WebXml extends XmlEncodingBase implements
DocumentProperties.Encodi
// error-page
private final Map<String,ErrorPage> errorPages = new HashMap<>();
public void addErrorPage(ErrorPage errorPage) {
+ errorPage.setCharset(getCharset());
errorPages.put(errorPage.getName(), errorPage);
}
public Map<String,ErrorPage> getErrorPages() { return errorPages; }
@@ -437,6 +439,7 @@ public class WebXml extends XmlEncodingBase implements
DocumentProperties.Encodi
// Digester will check there is only one of these
private LoginConfig loginConfig = null;
public void setLoginConfig(LoginConfig loginConfig) {
+ loginConfig.setCharset(getCharset());
this.loginConfig = loginConfig;
}
public LoginConfig getLoginConfig() { return loginConfig; }
diff --git a/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java
b/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java
index a6db7ab..681c99b 100644
--- a/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java
+++ b/test/org/apache/tomcat/util/descriptor/web/TestWebXml.java
@@ -19,6 +19,8 @@ package org.apache.tomcat.util.descriptor.web;
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
+import java.nio.charset.StandardCharsets;
+import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
@@ -470,4 +472,45 @@ public class TestWebXml {
webxml.merge(fragments);
}
+
+
+ @Test
+ public void testEncoding() {
+ WebXml webXml = new WebXml();
+ webXml.setCharset(StandardCharsets.ISO_8859_1);
+
+ webXml.addErrorPage(new ErrorPage());
+ Collection<ErrorPage> errorPages = webXml.getErrorPages().values();
+ for (ErrorPage errorPage : errorPages) {
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
errorPage.getCharset());
+ }
+
+ webXml.addFilterMapping(new FilterMap());
+ Set<FilterMap> filterMaps = webXml.getFilterMappings();
+ for (FilterMap filterMap : filterMaps) {
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
filterMap.getCharset());
+ }
+
+ webXml.addJspPropertyGroup(new JspPropertyGroup());
+ Set<JspPropertyGroup> jspPropertyGroups =
webXml.getJspPropertyGroups();
+ for (JspPropertyGroup jspPropertyGroup : jspPropertyGroups) {
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
jspPropertyGroup.getCharset());
+ }
+
+ webXml.setLoginConfig(new LoginConfig());
+ LoginConfig loginConfig = webXml.getLoginConfig();
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
loginConfig.getCharset());
+
+ SecurityConstraint constraint = new SecurityConstraint();
+ constraint.addCollection(new SecurityCollection());
+ webXml.addSecurityConstraint(constraint);
+ Set<SecurityConstraint> securityConstraints =
webXml.getSecurityConstraints();
+ for (SecurityConstraint securityConstraint : securityConstraints) {
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
securityConstraint.getCharset());
+ for (SecurityCollection securityCollection :
securityConstraint.findCollections()) {
+ Assert.assertEquals(StandardCharsets.ISO_8859_1,
securityCollection.getCharset());
+ }
+ }
+
+ }
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4666378..2fc7df9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -45,6 +45,15 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 8.5.54 (markt)" rtext="in development">
+ <subsection name="Catalina">
+ <changelog>
+ <fix>
+ Ensure all URL patterns provided via web.xml are %nn decoded
+ consistently using the encoding of the web.xml file where specified and
+ UTF-8 where no explicit encoding is specified. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Coyote">
<changelog>
<add>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
