This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new e90a77cda6 Expand access log escaping
e90a77cda6 is described below

commit e90a77cda62c91a9e4b2a87656ed814b6d292d1d
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Mar 30 08:53:09 2026 +0100

    Expand access log escaping
---
 java/org/apache/catalina/valves/AbstractAccessLogValve.java | 8 ++++----
 webapps/docs/changelog.xml                                  | 3 +++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java 
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index 06b4bafb36..d147b9f90b 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1123,10 +1123,10 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
                 } else {
                     buf.append(request.getMethod());
                     buf.append(' ');
-                    buf.append(request.getRequestURI());
+                    escapeAndAppend(request.getRequestURI(), buf);
                     if (request.getQueryString() != null) {
                         buf.append('?');
-                        buf.append(request.getQueryString());
+                        escapeAndAppend(request.getQueryString(), buf);
                     }
                     buf.append(' ');
                     buf.append(request.getProtocol());
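Review bot: In this branch `request.getMethod()` and `request.getProtocol()` are still written with a plain `buf.append(...)`, while the URI and query string on the neighbouring lines now go through `escapeAndAppend`. Whether those two values are always validated before they reach the valve is not visible in this hunk and may depend on the connector; if they are not, a quote or control character in either one would still reach the log line unescaped and could corrupt field boundaries for downstream log parsers. Either route them through the same helper, e.g. `escapeAndAppend(request.getMethod(), buf);`, or add a comment recording why they are exempt, such as `// method and protocol are validated by the request-line parser, so no escaping is needed`, if that holds. The enclosing method starts and ends outside the hunk.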
@@ -1371,7 +1371,7 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
             }
             if (query != null) {
                 buf.append('?');
-                buf.append(query);
+                escapeAndAppend(query, buf);
             }
         }
     }
@@ -1402,7 +1402,7 @@ public abstract class AbstractAccessLogValve extends 
ValveBase implements Access
         @Override
         public void addElement(CharArrayWriter buf, Request request, Response 
response, long time) {
             if (request != null) {
-                buf.append(request.getRequestURI());
+                escapeAndAppend(request.getRequestURI(), buf);
             } else {
                 buf.append('-');
             }
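Review bot: No regression test accompanies the four call sites this commit switches to `escapeAndAppend` (this one, plus the hunks at -1123 and -1371); the diffstat lists only the valve and the changelog. A test that logs a request whose URI and query string contain characters the helper is expected to escape (for example a double quote and a control character), and asserts the escaped output for each affected element, would stop a later refactor from silently reverting to `buf.append(...)`. Because log consumers will now see escape sequences where raw characters appeared before, a short comment on the element would also help, e.g. `// escaped so client-supplied characters cannot break log field boundaries`. If the valve's user documentation lists which fields are escaped, it probably needs the same update.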
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index eb5c0e8a6d..9927cd890b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -190,6 +190,9 @@
         codes defined in RFC 6585. (markt)
       </scode>
       <!-- Entries for backport and removal before 12.0.0-M1 below this line 
-->
+      <fix>
+        Add escaping for URI and query string in the access log. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">

