This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new f9ddc24fcf Expand access log escaping
f9ddc24fcf is described below
commit f9ddc24fcfcdfaea4a6953198d8636aca3e957bc
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Mar 30 08:53:09 2026 +0100
Expand access log escaping
---
java/org/apache/catalina/valves/AbstractAccessLogValve.java | 8 ++++----
webapps/docs/changelog.xml | 7 +++++++
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index b482b0e2ee..bf568dab61 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1169,10 +1169,10 @@ public abstract class AbstractAccessLogValve extends
ValveBase implements Access
} else {
buf.append(request.getMethod());
buf.append(' ');
- buf.append(request.getRequestURI());
+ escapeAndAppend(request.getRequestURI(), buf);
if (request.getQueryString() != null) {
buf.append('?');
- buf.append(request.getQueryString());
+ escapeAndAppend(request.getQueryString(), buf);
}
buf.append(' ');
buf.append(request.getProtocol());
@@ -1417,7 +1417,7 @@ public abstract class AbstractAccessLogValve extends
ValveBase implements Access
}
if (query != null) {
buf.append('?');
- buf.append(query);
+ escapeAndAppend(query, buf);
}
}
}
@@ -1448,7 +1448,7 @@ public abstract class AbstractAccessLogValve extends
ValveBase implements Access
@Override
public void addElement(CharArrayWriter buf, Request request, Response
response, long time) {
if (request != null) {
- buf.append(request.getRequestURI());
+ escapeAndAppend(request.getRequestURI(), buf);
} else {
buf.append('-');
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index aab97ba6ad..1aad3cad83 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,13 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 11.0.21 (markt)" rtext="in development">
+ <subsection name="Catalina">
+ <changelog>
+ <fix>
+ Add escaping for URI and query string in the access log. (markt)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Coyote">
<changelog>
<fix>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
