This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 3bb4e130fc1a44c24b6efcd23f6c4e23733f4eda Author: Mark Thomas <ma...@apache.org> AuthorDate: Mon Mar 16 15:57:13 2020 +0000 Make all calls to URLDecode use an explicit character set --- java/org/apache/catalina/core/ApplicationContext.java | 3 ++- java/org/apache/catalina/loader/WebappLoader.java | 8 ++++---- test/org/apache/catalina/util/TestRequestUtil.java | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/catalina/core/ApplicationContext.java b/java/org/apache/catalina/core/ApplicationContext.java
index 881d513..e76c54c 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -74,6 +74,7 @@ import org.apache.catalina.util.URLEncoder;
 import org.apache.naming.resources.DirContextURLStreamHandler;
 import org.apache.naming.resources.Resource;
 import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.CharChunk;
 import org.apache.tomcat.util.buf.MessageBytes;
 import org.apache.tomcat.util.buf.UDecoder;
@@ -446,7 +447,7 @@ public class ApplicationContext implements ServletContext {
 if (getContext().getDispatchersUseEncodedPaths()) {
 // Decode
- String decodedUri = UDecoder.URLDecode(normalizedUri, StandardCharsets.UTF_8);
+ String decodedUri = UDecoder.URLDecode(normalizedUri, B2CConverter.UTF_8);
 // Security check to catch attempts to encode /../ sequences
 normalizedUri = RequestUtil.normalize(decodedUri);
diff --git a/java/org/apache/catalina/loader/WebappLoader.java b/java/org/apache/catalina/loader/WebappLoader.java
index d2d2751..b39e9c1 100644
--- a/java/org/apache/catalina/loader/WebappLoader.java
+++ b/java/org/apache/catalina/loader/WebappLoader.java
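Review bot: The `UDecoder.URLDecode(normalizedUri, B2CConverter.UTF_8)` call in the second ApplicationContext hunk fixes the charset to UTF-8 without saying why, and its result feeds the `RequestUtil.normalize` traversal check directly below it. The `/` and `.` bytes that check looks for are ASCII, so the check itself should not depend on the charset, but non-ASCII path segments would decode differently if the request path is decoded with another encoding elsewhere; that part is an inference, since the connector configuration is not visible here. I would add a comment above the call such as `// Decode as UTF-8; the /../ check below only depends on ASCII bytes`. The enclosing method starts and ends outside the hunk, so how a decode failure or a post-normalisation mismatch is handled cannot be confirmed from these lines.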
@@ -55,6 +55,7 @@ import org.apache.naming.resources.DirContextURLStreamHandler;
 import org.apache.naming.resources.DirContextURLStreamHandlerFactory;
 import org.apache.naming.resources.Resource;
 import org.apache.tomcat.util.ExceptionUtils;
+import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.UDecoder;
 import org.apache.tomcat.util.compat.JreCompat;
 import org.apache.tomcat.util.modeler.Registry;
@@ -1107,12 +1108,11 @@ public class WebappLoader extends LifecycleMBeanBase
 for (int i = 0; i < repositories.length; i++) {
 String repository = repositories[i].toString();
 if (repository.startsWith("file://"))
- repository = UDecoder.URLDecode(repository.substring(7));
+ repository = UDecoder.URLDecode(repository.substring(7), B2CConverter.ISO_8859_1);
 else if (repository.startsWith("file:"))
- repository = UDecoder.URLDecode(repository.substring(5));
+ repository = UDecoder.URLDecode(repository.substring(5), B2CConverter.ISO_8859_1);
 else if (repository.startsWith("jndi:"))
- repository =
- servletContext.getRealPath(repository.substring(5));
+ repository = servletContext.getRealPath(repository.substring(5));
 else
 continue;
 if (repository == null)
diff --git a/test/org/apache/catalina/util/TestRequestUtil.java b/test/org/apache/catalina/util/TestRequestUtil.java
index a566737..1974587 100644
--- a/test/org/apache/catalina/util/TestRequestUtil.java
+++ b/test/org/apache/catalina/util/TestRequestUtil.java
@@ -26,7 +26,7 @@ public class TestRequestUtil {
 // %n rather than %nn should throw an IAE according to the Javadoc
 Exception exception = null;
 try {
- RequestUtil.URLDecode("%5xxxxx");
+ RequestUtil.URLDecode("%5xxxxx", "UTF-8");
 } catch (Exception e) {
 exception = e;
 }
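Review bot: Both `UDecoder.URLDecode(..., B2CConverter.ISO_8859_1)` calls in the second WebappLoader hunk decode `file:` repository URLs as ISO-8859-1 with no comment explaining the choice; presumably it preserves what the removed one-argument overload did, but the hunk does not show that. Percent-escapes in file URLs are commonly UTF-8 encoded, so a repository path with non-ASCII characters may decode to a name that does not exist on disk; I cannot confirm from these lines how the URLs in `repositories` were produced. At minimum add a comment before the `if` chain, for example `// ISO-8859-1 keeps the previous default decoding; UTF-8 escapes in file URLs are not handled`, or decode as UTF-8 if the URLs come from `File.toURI()`. The loop and its enclosing method start and end outside the hunk.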
@@ -35,7 +35,7 @@ public class TestRequestUtil {
 // Edge case trying to trigger ArrayIndexOutOfBoundsException
 exception = null;
 try {
- RequestUtil.URLDecode("%5");
+ RequestUtil.URLDecode("%5", "UTF-8");
 } catch (Exception e) {
 exception = e;
 }
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org