This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3480b07b61 Use WebResource API to differentiate files and directories
3480b07b61 is described below
commit 3480b07b61745637da03aee1b39aad84c33c1116
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri May 2 16:42:30 2025 +0100
Use WebResource API to differentiate files and directories
It is much easier/more efficient to do this directly than via the
ServletContext API.
---
java/org/apache/catalina/servlets/CGIServlet.java | 37 +++++++++++++---------
.../catalina/servlets/LocalStrings.properties | 1 +
2 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/java/org/apache/catalina/servlets/CGIServlet.java
b/java/org/apache/catalina/servlets/CGIServlet.java
index db03ae1955..ab3f7f6fd2 100644
--- a/java/org/apache/catalina/servlets/CGIServlet.java
+++ b/java/org/apache/catalina/servlets/CGIServlet.java
@@ -25,8 +25,6 @@ import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.Serial;
import java.io.UnsupportedEncodingException;
-import java.net.MalformedURLException;
-import java.net.URL;
import java.net.URLDecoder;
import java.nio.file.Files;
import java.util.ArrayList;
@@ -46,12 +44,16 @@ import jakarta.servlet.RequestDispatcher;
import jakarta.servlet.ServletConfig;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
+import jakarta.servlet.UnavailableException;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
+import org.apache.catalina.Globals;
+import org.apache.catalina.WebResource;
+import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.util.IOTools;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -247,6 +249,8 @@ public final class CGIServlet extends HttpServlet {
private final Set<String> cgiMethods = new HashSet<>();
private boolean cgiMethodsAll = false;
+ private transient WebResourceRoot resources = null;
+
/**
* The time (in milliseconds) to wait for the reading of stderr to
complete before terminating the CGI process.
@@ -382,6 +386,13 @@ public final class CGIServlet extends HttpServlet {
} else if (value != null) {
cmdLineArgumentsDecodedPattern = Pattern.compile(value);
}
+
+ // Load the web resources
+ resources = (WebResourceRoot)
getServletContext().getAttribute(Globals.RESOURCES_ATTR);
+
+ if (resources == null) {
+ throw new
UnavailableException(sm.getString("cgiServlet.noResources"));
+ }
}
@@ -810,7 +821,7 @@ public final class CGIServlet extends HttpServlet {
StringBuilder cgiPath = new StringBuilder();
StringBuilder urlPath = new StringBuilder();
- URL cgiScriptURL = null;
+ WebResource cgiScript = null;
if (cgiPathPrefix == null || cgiPathPrefix.isEmpty()) {
cgiPath.append(servletPath);
@@ -822,7 +833,7 @@ public final class CGIServlet extends HttpServlet {
StringTokenizer pathWalker = new StringTokenizer(pathInfo, "/");
- while (pathWalker.hasMoreElements() && cgiScriptURL == null) {
+ while (pathWalker.hasMoreElements() && (cgiScript == null ||
!cgiScript.isFile())) {
String urlSegment = pathWalker.nextToken();
cgiPath.append('/');
cgiPath.append(urlSegment);
@@ -831,15 +842,11 @@ public final class CGIServlet extends HttpServlet {
if (log.isTraceEnabled()) {
log.trace(sm.getString("cgiServlet.find.location",
cgiPath.toString()));
}
- try {
- cgiScriptURL = context.getResource(cgiPath.toString());
- } catch (MalformedURLException e) {
- // Ignore - should never happen
- }
+ cgiScript = resources.getResource(cgiPath.toString());
}
// No script was found
- if (cgiScriptURL == null) {
+ if (cgiScript == null || !cgiScript.isFile()) {
return new String[] { null, null, null, null };
}
@@ -849,7 +856,7 @@ public final class CGIServlet extends HttpServlet {
String cgiName = null;
String name = null;
- path = context.getRealPath(cgiPath.toString());
+ path = cgiScript.getCanonicalPath();
if (path == null) {
/*
* The script doesn't exist directly on the file system. It
might be located in an archive or similar.
@@ -865,14 +872,14 @@ public final class CGIServlet extends HttpServlet {
return new String[] { null, null, null, null };
}
- try (InputStream is =
context.getResourceAsStream(cgiPath.toString())) {
+ try (InputStream is = cgiScript.getInputStream()) {
synchronized (expandFileLock) {
// Check if file was created by concurrent request
if (!tmpCgiFile.exists()) {
try {
Files.copy(is, tmpCgiFile.toPath());
} catch (IOException ioe) {
-
log.warn(sm.getString("cgiServlet.expandFail", cgiScriptURL,
+
log.warn(sm.getString("cgiServlet.expandFail", cgiScript.getURL(),
tmpCgiFile.getAbsolutePath()),
ioe);
if (tmpCgiFile.exists()) {
if (!tmpCgiFile.delete()) {
@@ -883,13 +890,13 @@ public final class CGIServlet extends HttpServlet {
return new String[] { null, null, null,
null };
}
if (log.isDebugEnabled()) {
-
log.debug(sm.getString("cgiServlet.expandOk", cgiScriptURL,
+
log.debug(sm.getString("cgiServlet.expandOk", cgiScript.getURL(),
tmpCgiFile.getAbsolutePath()));
}
}
}
} catch (IOException ioe) {
- log.warn(sm.getString("cgiServlet.expandCloseFail",
cgiScriptURL), ioe);
+ log.warn(sm.getString("cgiServlet.expandCloseFail",
cgiScript.getURL()), ioe);
}
}
path = tmpCgiFile.getAbsolutePath();
diff --git a/java/org/apache/catalina/servlets/LocalStrings.properties
b/java/org/apache/catalina/servlets/LocalStrings.properties
index 5567e0e554..9060ddf340 100644
--- a/java/org/apache/catalina/servlets/LocalStrings.properties
+++ b/java/org/apache/catalina/servlets/LocalStrings.properties
@@ -26,6 +26,7 @@ cgiServlet.invalidArgumentDecoded=The decoded command line
argument [{0}] did no
cgiServlet.invalidArgumentEncoded=The encoded command line argument [{0}] did
not match the configured cmdLineArgumentsEncoded pattern [{1}]
cgiServlet.invalidCommand=Illegal Character in CGI command path ('.' or '..')
detected, not running CGI [{0}]
cgiServlet.notReady=CGI Servlet is not ready to run
+cgiServlet.noResources=No static resources were found
cgiServlet.runBadHeader=Bad header line [{0}]
cgiServlet.runFail=I/O problems processing CGI
cgiServlet.runHeaderReaderFail=I/O problems closing header reader
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
