Author: markt
Date: Thu Apr 24 08:28:41 2014
New Revision: 1589633

URL: http://svn.apache.org/r1589633
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56430
Extend checks for suspicious URL patterns to include patterns of the form 
<code>*.a.b</code> which are not valid patterns for extension mappings.

Modified:
    tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1589633&r1=1589632&r2=1589633&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Thu Apr 24 
08:28:41 2014
@@ -6144,11 +6144,15 @@ public class StandardContext extends Con
      */
     private void checkUnusualURLPattern(String urlPattern) {
         if (log.isInfoEnabled()) {
-            if(urlPattern.endsWith("*") && (urlPattern.length() < 2 ||
-                    urlPattern.charAt(urlPattern.length()-2) != '/')) {
+            // First group checks for '*' or '/foo*' style patterns
+            // Second group checks for *.foo.bar style patterns
+            if((urlPattern.endsWith("*") && (urlPattern.length() < 2 ||
+                        urlPattern.charAt(urlPattern.length()-2) != '/')) ||
+                    urlPattern.startsWith("*.") && urlPattern.length() > 2 &&
+                        urlPattern.lastIndexOf('.') > 1) {
                 log.info("Suspicious url pattern: \"" + urlPattern + "\"" +
                         " in context [" + getName() + "] - see" +
-                        " section SRV.11.2 of the Servlet specification" );
+                        " sections 12.1 and 12.2 of the Servlet 
specification");
             }
         }
     }
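Review bot: The second group of the new condition, `urlPattern.startsWith("*.") && urlPattern.length() > 2 && urlPattern.lastIndexOf('.') > 1`, is left without parentheses while the first group is wrapped, so the expression is only correct because `&&` binds tighter than `||`. Writing it as `|| (urlPattern.startsWith("*.") && urlPattern.lastIndexOf('.') > 1)` would match the two-group comment above it; the `length() > 2` test can be dropped because `lastIndexOf('.') > 1` already implies it. Separately, the whole check still sits inside `log.isInfoEnabled()`, so a deployment that logs at WARN or above never sees the message. A pattern such as `*.a.b` presumably does not match what the deployer intended, and if this method is also reached for security-constraint or filter patterns (the callers are outside the hunk), a silently ineffective mapping is worth surfacing at warn level rather than info.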

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1589633&r1=1589632&r2=1589633&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Apr 24 08:28:41 2014
@@ -121,6 +121,11 @@
         systems if a file named <code>\</code> is encountered when scanning for
         TLDs. (markt)
       </fix>
+      <add>
+        <bug>56430</bug>: Extend checks for suspicious URL patterns to include
+        patterns of the form <code>*.a.b</code> which are not valid patterns 
for
+        extension mappings. (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Coyote">


