remm 01/07/16 14:55:17
Modified: catalina/src/share/org/apache/catalina/connector/http
HttpProcessor.java
Log:
- Quick and dirty normalization of the URI. Obviously the code is not
optimized. I will write (errr, cut & paste from TC 3.3 code, actually) an
optimized version when I refactor the connector to port it to Coyote.
Unfortunately, I lost my prototype work in my HD crash this WE, so it will get
delayed a bit (I'm lucky I had committed my Coyote changes already).
- I hope the fix is adequate (Craig ?). Since the URI gets normalized way before
going in the mapper, it should be.
Revision Changes Path
1.29 +80 -5
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java
Index: HttpProcessor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- HttpProcessor.java 2001/06/18 23:28:39 1.28
+++ HttpProcessor.java 2001/07/16 21:55:17 1.29
@@ -1,6 +1,6 @@
-/* * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java,v
1.28 2001/06/18 23:28:39 remm Exp $
- * $Revision: 1.28 $
- * $Date: 2001/06/18 23:28:39 $
+/* * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/http/HttpProcessor.java,v
1.29 2001/07/16 21:55:17 remm Exp $
+ * $Revision: 1.29 $
+ * $Date: 2001/07/16 21:55:17 $
*
* ====================================================================
*
@@ -106,7 +106,7 @@
*
* @author Craig R. McClanahan
* @author Remy Maucherat
- * @version $Revision: 1.28 $ $Date: 2001/06/18 23:28:39 $
+ * @version $Revision: 1.29 $ $Date: 2001/07/16 21:55:17 $
*/
final class HttpProcessor
@@ -773,16 +773,91 @@
request.setRequestedSessionURL(false);
}
+ // Normalize URI (using String operations at the moment)
+ String normalizedUri = normalize(uri);
+ if (debug >= 1)
+ log("Normalized: '" + uri + "' to '" + normalizedUri + "'");
+
+ if (normalizedUri == null) {
+ log(" Invalid request URI: '" + uri + "'");
+ throw new IOException("Invalid URI: " + uri + "'");
+ }
+
// Set the corresponding request properties
((HttpRequest) request).setMethod(method);
request.setProtocol(protocol);
- ((HttpRequest) request).setRequestURI(uri);
+ ((HttpRequest) request).setRequestURI(normalizedUri);
request.setSecure(connector.getSecure());
request.setScheme(connector.getScheme());
if (debug >= 1)
log(" Request is '" + method + "' for '" + uri +
"' with protocol '" + protocol + "'");
+
+ }
+
+
+ /**
+ * Return a context-relative path, beginning with a "/", that represents
+ * the canonical version of the specified path after ".." and "." elements
+ * are resolved out. If the specified path attempts to go outside the
+ * boundaries of the current context (i.e. too many ".." path elements
+ * are present), return <code>null</code> instead.
+ *
+ * @param path Path to be normalized
+ */
+ protected String normalize(String path) {
+
+ if (path == null)
+ return null;
+
+ // Create a place for the normalized path
+ String normalized = path;
+
+ if (normalized == null)
+ return (null);
+
+ if (normalized.equals("/."))
+ return "/";
+
+ // Normalize the slashes and add leading slash if necessary
+ if (normalized.indexOf('\\') >= 0)
+ normalized = normalized.replace('\\', '/');
+ if (!normalized.startsWith("/"))
+ normalized = "/" + normalized;
+
+ // Resolve occurrences of "//" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("//");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 1);
+ }
+
+ // Resolve occurrences of "/./" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/./");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 2);
+ }
+
+ // Resolve occurrences of "/../" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/../");
+ if (index < 0)
+ break;
+ if (index == 0)
+ return (null); // Trying to go outside our context
+ int index2 = normalized.lastIndexOf('/', index - 1);
+ normalized = normalized.substring(0, index2) +
+ normalized.substring(index + 3);
+ }
+
+ // Return the normalized path that we have completed
+ return (normalized);
}
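Review bot: normalize() resolves dot segments only when a slash follows them, so a path ending in `/..` or `/.` (other than the exact string `/.`) is returned with that segment still in place and then handed to setRequestURI. Appending a slash before the `/./` and `/../` loops closes the gap, e.g. `if (normalized.endsWith("/.") || normalized.endsWith("/..")) normalized = normalized + "/";`, which also makes the `/.` special case redundant. The method works on the string as received; if `uri` can still hold percent-encoded dots or separators at this point (the decoding step is not visible in the hunk), those would pass the checks unchanged, so normalization should run on the decoded form or such encodings should be rejected. The IOException message also has an unbalanced quote in `"Invalid URI: " + uri + "'"`. The request-line parsing method that calls normalize() begins outside the hunk.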