Author: markt
Date: Tue Jun 5 17:51:12 2007
New Revision: 544697
URL: http://svn.apache.org/viewvc?view=rev&rev=544697
Log:
Port fix for CVE-2007-1358 to TC5.0.x
Modified:
tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java
Modified:
tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java
URL:
http://svn.apache.org/viewvc/tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java?view=diff&rev=544697&r1=544696&r2=544697
==============================================================================
---
tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java
(original)
+++
tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/coyote/tomcat5/CoyoteRequest.java
Tue Jun 5 17:51:12 2007
@@ -2539,6 +2539,9 @@
variant = "";
}
}
+ if (!isAlpha(language) || !isAlpha(country) || !isAlpha(variant)) {
+ continue;
+ }
// Add a new Locale to the list of Locales for this quality level
Locale locale = new Locale(language, country, variant);
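Review bot: The new guard in front of `new Locale(language, country, variant)` drops an entry silently and has no comment saying why, so a later maintainer could relax it without realising it is the security fix named in the commit log. I would add above the `if`: `// CVE-2007-1358: ignore entries whose language, country or variant is not purely ASCII letters`. The guard relies on `isAlpha("")` being true, since the visible `variant = "";` path must still pass. Whether `language` can also be empty at this point cannot be judged here, because the parsing loop starts outside the hunk.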
@@ -2602,6 +2605,16 @@
throwable.printStackTrace(System.out);
}
+ }
+
+ protected static final boolean isAlpha(String value) {
+ for (int i = 0; i < value.length(); i++) {
+ char c = value.charAt(i);
+ if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'))) {
+ return false;
+ }
+ }
+ return true;
}
}
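Review bot: `isAlpha` has no Javadoc, yet two of its properties are load-bearing for the filter that calls it: it is ASCII-only, and it returns true for an empty string. Document both, for example `/** Returns true if value is empty or contains only ASCII letters (a-z, A-Z); value must not be null. */`, so nobody later swaps the range test for `Character.isLetter`, which also accepts non-ASCII letters. The helper puts no bound on length, so if the intent is the 1–8 letter tags of RFC 2616, that cap would have to be added separately. `final` on a `static` method adds little and could be dropped.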