On 7 January 2011 18:28, <ma...@apache.org> wrote: > Author: markt > Date: Fri Jan 7 18:28:40 2011 > New Revision: 1056445 > > URL: http://svn.apache.org/viewvc?rev=1056445&view=rev > Log: > Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50453 > Correctly handle multiple X-Forwarded-For headers in RemoteIpValve > Patch provided by Jim Riggs > > Modified: > tomcat/tc6.0.x/trunk/STATUS.txt > tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java > tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml > > Modified: tomcat/tc6.0.x/trunk/STATUS.txt > URL: > http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1056445&r1=1056444&r2=1056445&view=diff > ============================================================================== > --- tomcat/tc6.0.x/trunk/STATUS.txt (original) > +++ tomcat/tc6.0.x/trunk/STATUS.txt Fri Jan 7 18:28:40 2011 > @@ -201,12 +201,6 @@ PATCHES PROPOSED TO BACKPORT: > +1: fhanik - fix indentation > -1: > > -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50453 > - Correct handle multiple X-Forwarded-For headers in RemoteIpValve > - > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?r1=1055482&r2=1055481&pathrev=1055482 > - +1: markt, fhanik, funkman > - -1: > - > * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50550 > Requests for a newly created directory using MKCOL should not result in a > 404 > http://svn.apache.org/viewvc?rev=1055975&view=rev > > Modified: > tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java > URL: > http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java?rev=1056445&r1=1056444&r2=1056445&view=diff > ============================================================================== > --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java > (original) > +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/RemoteIpValve.java > Fri Jan 7 18:28:40 2011 
> @@ -19,6 +19,7 @@ package org.apache.catalina.valves; > > import java.io.IOException; > import java.util.ArrayList; > +import java.util.Enumeration; > import java.util.Iterator; > import java.util.LinkedList; > import java.util.List; > @@ -558,8 +559,17 @@ public class RemoteIpValve extends Valve > String remoteIp = null; > // In java 6, proxiesHeaderValue should be declared as a > java.util.Deque > LinkedList<String> proxiesHeaderValue = new LinkedList<String>(); > + StringBuffer concatRemoteIpHeaderValue = new StringBuffer();
Surely could use StringBuilder here? > - String[] remoteIpHeaderValue = > commaDelimitedListToStringArray(request.getHeader(remoteIpHeader)); > + for (Enumeration<String> e = request.getHeaders(remoteIpHeader); > e.hasMoreElements();) { > + if (concatRemoteIpHeaderValue.length() > 0) { > + concatRemoteIpHeaderValue.append(", "); > + } > + > + concatRemoteIpHeaderValue.append(e.nextElement()); > + } > + > + String[] remoteIpHeaderValue = > commaDelimitedListToStringArray(concatRemoteIpHeaderValue.toString()); > int idx; > // loop on remoteIpHeaderValue to find the first trusted remote > ip and to build the proxies chain > for (idx = remoteIpHeaderValue.length - 1; idx >= 0; idx--) { > > Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml > URL: > http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1056445&r1=1056444&r2=1056445&view=diff > ============================================================================== > --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) > +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Fri Jan 7 18:28:40 2011 > @@ -185,6 +185,10 @@ > exceptions. (markt) > </add> > <fix> > + <bug>50453</bug>: Correctly handle multiple > <code>X-Forwarded-For</code> > + headers in the RemoteIpValve. Patch provided by Jim Riggs. (markt) > + </fix> > + <fix> > <bug>50459</bug>: Fix thread/classloader binding issues in > StandardContext. (slaurent) > </fix>
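Review bot: The concatenation loop over request.getHeaders(remoteIpHeader) in the second RemoteIpValve.java hunk relies on the headers being enumerated in the order they arrived, and nothing in the hunk states or checks that. The unchanged loop that follows walks remoteIpHeaderValue from idx = remoteIpHeaderValue.length - 1 downwards to find the first trusted remote IP, so the last element has to be the entry appended by the nearest proxy; if a client-supplied X-Forwarded-For header were joined after a proxy-supplied one, the client's value would be the first one evaluated. Please add a comment above the loop documenting the ordering assumption, and a test that sends two X-Forwarded-For headers and asserts the resulting remote IP and proxies chain; the commit's file list modifies only STATUS.txt, RemoteIpValve.java and changelog.xml.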