Author: markt
Date: Sat Jan 31 09:52:13 2009
New Revision: 739532
URL: http://svn.apache.org/viewvc?rev=739532&view=rev
Log:
Remove duplicate definitions and make normalise consistent
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Request.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationHttpRequest.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/RequestUtil.java
tomcat/tc6.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Jan 31 09:52:13 2009
@@ -1 +1 @@
-/tomcat/trunk:601180,606992,612607,630314,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,685177,687503,687645,690781,691392,691805,692748,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729809,729815,729934,730250,730590,731651,732859,732863
+/tomcat/trunk:601180,606992,612607,630314,652744,653247,673796,673820,683982,684001,684081,684234,684269-684270,685177,687503,687645,690781,691392,691805,692748,695053,695311,696780,696782,698012,698227,698236,698613,699427,699634,701355,709294,709811,709816,710063,710066,710125,710205,711126,711600,712461,712467,718360,719602,719626,719628,720046,720069,721040,723404,723738,726052,727303,728032,728768,728947,729057,729567,729569,729571,729809,729815,729934,730250,730590,731651,732859,732863,734734
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=739532&r1=739531&r2=739532&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sat Jan 31 09:52:13 2009
@@ -132,11 +132,6 @@
+1: markt, fhanik
-1:
-* Remove duplicate definitions and make normalise consistent
- http://svn.apache.org/viewvc?rev=734734&view=rev
- +1: markt, remm, fhanik
- -1:
-
* Align installer licenses with main license file
http://svn.apache.org/viewvc?rev=734743&view=rev
+1: markt, fhanik
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Request.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Request.java?rev=739532&r1=739531&r2=739532&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Request.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/Request.java Sat
Jan 31 09:52:13 2009
@@ -1278,10 +1278,9 @@
int pos = requestPath.lastIndexOf('/');
String relative = null;
if (pos >= 0) {
- relative = RequestUtil.normalize
- (requestPath.substring(0, pos + 1) + path);
+ relative = requestPath.substring(0, pos + 1) + path;
} else {
- relative = RequestUtil.normalize(requestPath + path);
+ relative = requestPath + path;
}
return (context.getServletContext().getRequestDispatcher(relative));
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java?rev=739532&r1=739531&r2=739532&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationContext.java
Sat Jan 31 09:52:13 2009
@@ -44,6 +44,7 @@
import org.apache.catalina.Wrapper;
import org.apache.catalina.deploy.ApplicationParameter;
import org.apache.catalina.util.Enumerator;
+import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.ResourceSet;
import org.apache.catalina.util.ServerInfo;
import org.apache.catalina.util.StringManager;
@@ -378,7 +379,7 @@
path = path.substring(0, pos);
}
- path = normalize(path);
+ path = RequestUtil.normalize(path);
if (path == null)
return (null);
@@ -463,7 +464,7 @@
throw new
MalformedURLException(sm.getString("applicationContext.requestDispatcher.iae",
path));
- path = normalize(path);
+ path = RequestUtil.normalize(path);
if (path == null)
return (null);
@@ -512,13 +513,16 @@
*/
public InputStream getResourceAsStream(String path) {
- path = normalize(path);
if (path == null)
return (null);
if (!path.startsWith("/") && Globals.STRICT_SERVLET_COMPLIANCE)
return null;
-
+
+ path = RequestUtil.normalize(path);
+ if (path == null)
+ return (null);
+
DirContext resources = context.getResources();
if (resources != null) {
try {
@@ -551,7 +555,7 @@
(sm.getString("applicationContext.resourcePaths.iae", path));
}
- path = normalize(path);
+ path = RequestUtil.normalize(path);
if (path == null)
return (null);
@@ -858,45 +862,6 @@
/**
- * Return a context-relative path, beginning with a "/", that represents
- * the canonical version of the specified path after ".." and "." elements
- * are resolved out. If the specified path attempts to go outside the
- * boundaries of the current context (i.e. too many ".." path elements
- * are present), return <code>null</code> instead.
- *
- * @param path Path to be normalized
- */
- private String normalize(String path) {
-
- if (path == null) {
- return null;
- }
-
- String normalized = path;
-
- // Normalize the slashes
- if (normalized.indexOf('\\') >= 0)
- normalized = normalized.replace('\\', '/');
-
- // Resolve occurrences of "/../" in the normalized path
- while (true) {
- int index = normalized.indexOf("/../");
- if (index < 0)
- break;
- if (index == 0)
- return (null); // Trying to go outside our context
- int index2 = normalized.lastIndexOf('/', index - 1);
- normalized = normalized.substring(0, index2) +
- normalized.substring(index + 3);
- }
-
- // Return the normalized path that we have completed
- return (normalized);
-
- }
-
-
- /**
* Merge the context initialization parameters specified in the application
* deployment descriptor with the application parameters described in the
* server configuration, respecting the <code>override</code> property of
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationHttpRequest.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationHttpRequest.java?rev=739532&r1=739531&r2=739532&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationHttpRequest.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/catalina/core/ApplicationHttpRequest.java
Sat Jan 31 09:52:13 2009
@@ -318,10 +318,9 @@
int pos = requestPath.lastIndexOf('/');
String relative = null;
if (pos >= 0) {
- relative = RequestUtil.normalize
- (requestPath.substring(0, pos + 1) + path);
+ relative = requestPath.substring(0, pos + 1) + path;
} else {
- relative = RequestUtil.normalize(requestPath + path);
+ relative = requestPath + path;
}
return (context.getServletContext().getRequestDispatcher(relative));
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java?rev=739532&r1=739531&r2=739532&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
Sat Jan 31 09:52:13 2009
@@ -1413,71 +1413,6 @@
}
- /**
- * Return a context-relative path, beginning with a "/", that represents
- * the canonical version of the specified path after ".." and "." elements
- * are resolved out. If the specified path attempts to go outside the
- * boundaries of the current context (i.e. too many ".." path elements
- * are present), return <code>null</code> instead.
- *
- * @param path Path to be normalized
- */
- protected String normalize(String path) {
-
- if (path == null)
- return null;
-
- // Create a place for the normalized path
- String normalized = path;
-
- if (normalized == null)
- return (null);
-
- if (normalized.equals("/."))
- return "/";
-
- // Normalize the slashes and add leading slash if necessary
- if (normalized.indexOf('\\') >= 0)
- normalized = normalized.replace('\\', '/');
- if (!normalized.startsWith("/"))
- normalized = "/" + normalized;
-
- // Resolve occurrences of "//" in the normalized path
- while (true) {
- int index = normalized.indexOf("//");
- if (index < 0)
- break;
- normalized = normalized.substring(0, index) +
- normalized.substring(index + 1);
- }
-
- // Resolve occurrences of "/./" in the normalized path
- while (true) {
- int index = normalized.indexOf("/./");
- if (index < 0)
- break;
- normalized = normalized.substring(0, index) +
- normalized.substring(index + 2);
- }
-
- // Resolve occurrences of "/../" in the normalized path
- while (true) {
- int index = normalized.indexOf("/../");
- if (index < 0)
- break;
- if (index == 0)
- return (null); // Trying to go outside our context
- int index2 = normalized.lastIndexOf('/', index - 1);
- normalized = normalized.substring(0, index2) +
- normalized.substring(index + 3);
- }
-
- // Return the normalized path that we have completed
- return (normalized);
-
- }
-
-
// -------------------------------------------------------- Private Methods
/**
@@ -1632,7 +1567,7 @@
}
// Normalise destination path (remove '.' and '..')
- destinationPath = normalize(destinationPath);
+ destinationPath = RequestUtil.normalize(destinationPath);
String contextPath = req.getContextPath();
if ((contextPath != null) &&
@@ -2384,7 +2319,8 @@
if (!toAppend.startsWith("/"))
toAppend = "/" + toAppend;
- generatedXML.writeText(rewriteUrl(normalize(absoluteUri + toAppend)));
+ generatedXML.writeText(rewriteUrl(RequestUtil.normalize(
+ absoluteUri + toAppend)));
generatedXML.writeElement(null, "href", XMLWriter.CLOSING);
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIServletExternalResolver.java?rev=739532&r1=739531&r2=739532&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIServletExternalResolver.java
Sat Jan 31 09:52:13 2009
@@ -31,6 +31,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
+import org.apache.catalina.util.RequestUtil;
import org.apache.coyote.Constants;
/**
@@ -370,7 +371,7 @@
+ pathWithoutContext);
}
String fullPath = prefix + path;
- String retVal = SSIServletRequestUtil.normalize(fullPath);
+ String retVal = RequestUtil.normalize(fullPath);
if (retVal == null) {
throw new IOException("Normalization yielded null on path: "
+ fullPath);
@@ -403,7 +404,7 @@
return new ServletContextAndPath(context,
getAbsolutePath(virtualPath));
} else {
- String normalized = SSIServletRequestUtil.normalize(virtualPath);
+ String normalized = RequestUtil.normalize(virtualPath);
if (isVirtualWebappRelative) {
return new ServletContextAndPath(context, normalized);
} else {
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java?rev=739532&r1=739531&r2=739532&view=diff
==============================================================================
---
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java
(original)
+++
tomcat/tc6.0.x/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java
Sat Jan 31 09:52:13 2009
@@ -47,7 +47,7 @@
if ((result == null) || (result.equals(""))) {
result = "/";
}
- return normalize(result);
+ return RequestUtil.normalize(result);
}
@@ -63,15 +63,9 @@
*
* @param path
* Path to be normalized
+ * @deprecated
*/
public static String normalize(String path) {
- if (path == null) return null;
- String normalized = path;
- //Why doesn't RequestUtil do this??
- // Normalize the slashes and add leading slash if necessary
- if (normalized.indexOf('\\') >= 0)
- normalized = normalized.replace('\\', '/');
- normalized = RequestUtil.normalize(path);
- return normalized;
+ return RequestUtil.normalize(path);
}
}
\ No newline at end of file
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/RequestUtil.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/RequestUtil.java?rev=739532&r1=739531&r2=739532&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/RequestUtil.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/util/RequestUtil.java Sat Jan
31 09:52:13 2009
@@ -93,6 +93,19 @@
* @param path Relative path to be normalized
*/
public static String normalize(String path) {
+ return normalize(path, true);
+ }
+
+ /**
+ * Normalize a relative URI path that may have relative values ("/./",
+ * "/../", and so on ) it it. <strong>WARNING</strong> - This method is
+ * useful only for normalizing application-generated paths. It does not
+ * try to perform security checks for malicious input.
+ *
+ * @param path Relative path to be normalized
+ * @param replaceBackSlash Should '\\' be replaced with '/'
+ */
+ public static String normalize(String path, boolean replaceBackSlash) {
if (path == null)
return null;
@@ -100,6 +113,9 @@
// Create a place for the normalized path
String normalized = path;
+ if (replaceBackSlash && normalized.indexOf('\\') >= 0)
+ normalized = normalized.replace('\\', '/');
+
if (normalized.equals("/."))
return "/";
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java?rev=739532&r1=739531&r2=739532&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/naming/resources/FileDirContext.java
Sat Jan 31 09:52:13 2009
@@ -37,6 +37,7 @@
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
+import org.apache.catalina.util.RequestUtil;
import org.apache.naming.NamingContextBindingsEnumeration;
import org.apache.naming.NamingContextEnumeration;
import org.apache.naming.NamingEntry;
@@ -765,50 +766,10 @@
*/
protected String normalize(String path) {
- String normalized = path;
+ return RequestUtil.normalize(path, File.separatorChar == '\\');
- // Normalize the slashes and add leading slash if necessary
- if (File.separatorChar == '\\' && normalized.indexOf('\\') >= 0)
- normalized = normalized.replace('\\', '/');
- if (!normalized.startsWith("/"))
- normalized = "/" + normalized;
-
- // Resolve occurrences of "//" in the normalized path
- while (true) {
- int index = normalized.indexOf("//");
- if (index < 0)
- break;
- normalized = normalized.substring(0, index) +
- normalized.substring(index + 1);
- }
-
- // Resolve occurrences of "/./" in the normalized path
- while (true) {
- int index = normalized.indexOf("/./");
- if (index < 0)
- break;
- normalized = normalized.substring(0, index) +
- normalized.substring(index + 2);
- }
-
- // Resolve occurrences of "/../" in the normalized path
- while (true) {
- int index = normalized.indexOf("/../");
- if (index < 0)
- break;
- if (index == 0)
- return (null); // Trying to go outside our context
- int index2 = normalized.lastIndexOf('/', index - 1);
- normalized = normalized.substring(0, index2) +
- normalized.substring(index + 3);
}
- // Return the normalized path that we have completed
- return (normalized);
-
- }
-
-
/**
* Return a File object representing the specified normalized
* context-relative path if it exists and is readable. Otherwise,
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=739532&r1=739531&r2=739532&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sat Jan 31 09:52:13 2009
@@ -256,6 +256,10 @@
<fix>
<bug>46408</bug>: Fix invalid cast in security utility package. (markt)
</fix>
+ <fix>
+ Remove duplicate normalisation implementations and make normalise
+ behaviour consistent throughout code base. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
