Author: markt
Date: Sat Jun 13 19:19:18 2009
New Revision: 784455
URL: http://svn.apache.org/viewvc?rev=784455&view=rev
Log:
Remove case insensitivity option. It was a workaround for a change in Tomcat 3
and has security implications if used on case insensitive file systems.
Modified:
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml
tomcat/trunk/java/org/apache/naming/resources/FileDirContext.java
tomcat/trunk/java/org/apache/tomcat/util/buf/MessageBytes.java
tomcat/trunk/webapps/docs/config/context.xml
Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=784455&r1=784454&r2=784455&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Sat Jun 13
19:19:18 2009
@@ -640,12 +640,6 @@
/**
- * Case sensitivity.
- */
- protected boolean caseSensitive = true;
-
-
- /**
* Allow linking.
*/
protected boolean allowLinking = false;
@@ -774,22 +768,6 @@
/**
- * Set case sensitivity.
- */
- public void setCaseSensitive(boolean caseSensitive) {
- this.caseSensitive = caseSensitive;
- }
-
-
- /**
- * Is case sensitive ?
- */
- public boolean isCaseSensitive() {
- return caseSensitive;
- }
-
-
- /**
* Set allow linking.
*/
public void setAllowLinking(boolean allowLinking) {
@@ -1937,7 +1915,6 @@
}
if (resources instanceof FileDirContext) {
filesystemBased = true;
- ((FileDirContext) resources).setCaseSensitive(isCaseSensitive());
((FileDirContext) resources).setAllowLinking(isAllowLinking());
}
this.webappResources = resources;
@@ -4108,8 +4085,6 @@
new ProxyDirContext(env, webappResources);
if (webappResources instanceof FileDirContext) {
filesystemBased = true;
- ((FileDirContext) webappResources).setCaseSensitive
- (isCaseSensitive());
((FileDirContext) webappResources).setAllowLinking
(isAllowLinking());
}
Modified: tomcat/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml?rev=784455&r1=784454&r2=784455&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml (original)
+++ tomcat/trunk/java/org/apache/catalina/core/mbeans-descriptors.xml Sat Jun
13 19:19:18 2009
@@ -74,11 +74,6 @@
is="true"
type="boolean"/>
- <attribute name="caseSensitive"
- description="Should case sensitivity checks be performed"
- is="true"
- type="boolean"/>
-
<attribute name="children"
description="Object names of all children"
type="[Ljavax.management.ObjectName;"/>
Modified: tomcat/trunk/java/org/apache/naming/resources/FileDirContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/naming/resources/FileDirContext.java?rev=784455&r1=784454&r2=784455&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/naming/resources/FileDirContext.java (original)
+++ tomcat/trunk/java/org/apache/naming/resources/FileDirContext.java Sat Jun
13 19:19:18 2009
@@ -101,12 +101,6 @@
/**
- * Case sensitivity.
- */
- protected boolean caseSensitive = true;
-
-
- /**
* Allow linking.
*/
protected boolean allowLinking = false;
@@ -151,22 +145,6 @@
/**
- * Set case sensitivity.
- */
- public void setCaseSensitive(boolean caseSensitive) {
- this.caseSensitive = caseSensitive;
- }
-
-
- /**
- * Is case sensitive ?
- */
- public boolean isCaseSensitive() {
- return caseSensitive;
- }
-
-
- /**
* Set allow linking.
*/
public void setAllowLinking(boolean allowLinking) {
@@ -227,7 +205,6 @@
FileDirContext tempContext = new FileDirContext(env);
tempContext.setDocBase(file.getPath());
tempContext.setAllowLinking(getAllowLinking());
- tempContext.setCaseSensitive(isCaseSensitive());
result = tempContext;
} else {
result = new FileResource(file);
@@ -824,26 +801,24 @@
return null;
}
- // Case sensitivity check
- if (caseSensitive) {
- String fileAbsPath = file.getAbsolutePath();
- if (fileAbsPath.endsWith("."))
- fileAbsPath = fileAbsPath + "/";
- String absPath = normalize(fileAbsPath);
- canPath = normalize(canPath);
- if ((absoluteBase.length() < absPath.length())
- && (absoluteBase.length() < canPath.length())) {
- absPath = absPath.substring(absoluteBase.length() + 1);
- if (absPath == null)
- return null;
- if (absPath.equals(""))
- absPath = "/";
- canPath = canPath.substring(absoluteBase.length() + 1);
- if (canPath.equals(""))
- canPath = "/";
- if (!canPath.equals(absPath))
- return null;
- }
+ // Case sensitivity check - this is now always done
+ String fileAbsPath = file.getAbsolutePath();
+ if (fileAbsPath.endsWith("."))
+ fileAbsPath = fileAbsPath + "/";
+ String absPath = normalize(fileAbsPath);
+ canPath = normalize(canPath);
+ if ((absoluteBase.length() < absPath.length())
+ && (absoluteBase.length() < canPath.length())) {
+ absPath = absPath.substring(absoluteBase.length() + 1);
+ if (absPath == null)
+ return null;
+ if (absPath.equals(""))
+ absPath = "/";
+ canPath = canPath.substring(absoluteBase.length() + 1);
+ if (canPath.equals(""))
+ canPath = "/";
+ if (!canPath.equals(absPath))
+ return null;
}
} else {
@@ -887,7 +862,6 @@
FileDirContext tempContext = new FileDirContext(env);
tempContext.setDocBase(file.getPath());
tempContext.setAllowLinking(getAllowLinking());
- tempContext.setCaseSensitive(isCaseSensitive());
object = tempContext;
} else {
object = new FileResource(currentFile);
Modified: tomcat/trunk/java/org/apache/tomcat/util/buf/MessageBytes.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/buf/MessageBytes.java?rev=784455&r1=784454&r2=784455&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/buf/MessageBytes.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/buf/MessageBytes.java Sat Jun 13
19:19:18 2009
@@ -51,9 +51,6 @@
// did we computed the hashcode ?
private boolean hasHashCode=false;
- // Is the represented object case sensitive ?
- private boolean caseSensitive=true;
-
// Internal objects to represent array + offset, and specific methods
private ByteChunk byteC=new ByteChunk();
private CharChunk charC=new CharChunk();
@@ -78,12 +75,6 @@
return factory.newInstance();
}
- /** Configure the case sensitivity
- */
- public void setCaseSenitive( boolean b ) {
- caseSensitive=b;
- }
-
public MessageBytes getClone() {
try {
return (MessageBytes)this.clone();
@@ -107,7 +98,6 @@
charC.recycle();
strValue=null;
- caseSensitive=true;
hasStrValue=false;
hasHashCode=false;
@@ -298,8 +288,6 @@
* @return true if the comparison succeeded, false otherwise
*/
public boolean equals(String s) {
- if( ! caseSensitive )
- return equalsIgnoreCase( s );
switch (type) {
case T_STR:
if( strValue==null && s!=null) return false;
@@ -413,16 +401,13 @@
// -------------------- Hash code --------------------
public int hashCode() {
- if( hasHashCode ) return hashCode;
- int code = 0;
+ if( hasHashCode ) return hashCode;
+ int code = 0;
- if( caseSensitive )
- code=hash();
- else
- code=hashIgnoreCase();
- hashCode=code;
- hasHashCode=true;
- return code;
+ code=hash();
+ hashCode=code;
+ hasHashCode=true;
+ return code;
}
// normal hash.
@@ -444,24 +429,6 @@
}
}
- // hash ignoring case
- private int hashIgnoreCase() {
- int code=0;
- switch (type) {
- case T_STR:
- for (int i = 0; i < strValue.length(); i++) {
- code = code * 37 + Ascii.toLower(strValue.charAt( i ));
- }
- return code;
- case T_CHARS:
- return charC.hashIgnoreCase();
- case T_BYTES:
- return byteC.hashIgnoreCase();
- default:
- return 0;
- }
- }
-
public int indexOf(char c) {
return indexOf( c, 0);
}
Modified: tomcat/trunk/webapps/docs/config/context.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/context.xml?rev=784455&r1=784454&r2=784455&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/trunk/webapps/docs/config/context.xml Sat Jun 13 19:19:18 2009
@@ -328,16 +328,6 @@
of the flag is <code>true</code>.</p>
</attribute>
- <attribute name="caseSensitive" required="false">
- <p>If the value of this flag is <code>false</code>, all case
sensitivity
- checks will be disabled. If not
- specified, the default value of the flag is <code>true</code>.</p>
- <p><b>NOTE: This flag MUST NOT be set to false on the Windows platform
- (or any other OS which does not have a case sensitive filesystem),
- as it will disable case sensitivity checks, allowing JSP source code
- disclosure, among other security problems.</b></p>
- </attribute>
-
<attribute name="processTlds" required="false">
<p>Whether the context should process TLDs on startup. The default
is true. The false setting is intended for special cases
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
