craigmcc 01/08/15 16:19:55
Modified: catalina/src/share/org/apache/catalina/connector
HttpRequestBase.java
catalina/src/share/org/apache/catalina/util RequestUtil.java
Log:
Fix 2 bugs in the implementation of ServletRequest.getRequestDispatcher().
* When called with a relative path, calculates a path based on
servletPath + "/../" + relativePath, but does not normalize it.
This ends up generating a 404 error on a subsequent forward or
include call. (This was the bug reported on #3098).
* When called within a servlet that was itself called via
RequestDispatcher.include(), would incorrectly resolve the relative
path against the *original* request URI, instead of the one that
mapped to the included servlet.
PR: Bugzilla #3098
Submitted by: Bryan Basham <[EMAIL PROTECTED]>
Revision Changes Path
1.30 +9 -6
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java
Index: HttpRequestBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- HttpRequestBase.java 2001/08/01 03:04:04 1.29
+++ HttpRequestBase.java 2001/08/15 23:19:55 1.30
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
1.29 2001/08/01 03:04:04 craigmcc Exp $
- * $Revision: 1.29 $
- * $Date: 2001/08/01 03:04:04 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpRequestBase.java,v
1.30 2001/08/15 23:19:55 craigmcc Exp $
+ * $Revision: 1.30 $
+ * $Date: 2001/08/15 23:19:55 $
*
* ====================================================================
*
@@ -84,6 +84,7 @@
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
+import org.apache.catalina.Globals;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
@@ -101,7 +102,7 @@
* be implemented.
*
* @author Craig R. McClanahan
- * @version $Revision: 1.29 $ $Date: 2001/08/01 03:04:04 $
+ * @version $Revision: 1.30 $ $Date: 2001/08/15 23:19:55 $
*/
public class HttpRequestBase
@@ -744,8 +745,10 @@
return (context.getServletContext().getRequestDispatcher(path));
// Convert a request-relative path to a context-relative one
- String relative = getServletPath() + "/../" + path;
- // FIXME -- Canonicalize any ".." directory references!
+ String servletPath = (String) getAttribute(Globals.SERVLET_PATH_ATTR);
+ if (servletPath == null)
+ servletPath = getServletPath();
+ String relative = RequestUtil.normalize(servletPath + "/../" + path);
return (context.getServletContext().getRequestDispatcher(relative));
}
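Review bot: The result of `RequestUtil.normalize()` is passed to `getRequestDispatcher(relative)` unchecked, although normalize() returns null when the combined path climbs above the context root (the `index == 0` branch added in this same commit). What the context's getRequestDispatcher does with a null path is not visible here, so an explicit guard before the final return is safer: `if (relative == null) return (null);`. The `path` argument is whatever the calling servlet supplies and may be derived from request data, so this branch should be treated as reachable rather than theoretical. The method body begins outside the hunk.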
1.18 +63 -4
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/util/RequestUtil.java
Index: RequestUtil.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/util/RequestUtil.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- RequestUtil.java 2001/07/22 20:25:14 1.17
+++ RequestUtil.java 2001/08/15 23:19:55 1.18
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/util/RequestUtil.java,v
1.17 2001/07/22 20:25:14 pier Exp $
- * $Revision: 1.17 $
- * $Date: 2001/07/22 20:25:14 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/util/RequestUtil.java,v
1.18 2001/08/15 23:19:55 craigmcc Exp $
+ * $Revision: 1.18 $
+ * $Date: 2001/08/15 23:19:55 $
*
* ====================================================================
*
@@ -78,7 +78,7 @@
*
* @author Craig R. McClanahan
* @author Tim Tye
- * @version $Revision: 1.17 $ $Date: 2001/07/22 20:25:14 $
+ * @version $Revision: 1.18 $ $Date: 2001/08/15 23:19:55 $
*/
public final class RequestUtil {
@@ -181,6 +181,65 @@
}
}
return (result.toString());
+
+ }
+
+
+ /**
+ * Normalize a relative URI path that may have relative values ("/./",
+ * "/../", and so on ) it it. <strong>WARNING</strong> - This method is
+ * useful only for normalizing application-generated paths. It does not
+ * try to perform security checks for malicious input.
+ *
+ * @param path Relative path to be normalized
+ */
+ public static String normalize(String path) {
+
+ if (path == null)
+ return null;
+
+ // Create a place for the normalized path
+ String normalized = path;
+
+ if (normalized.equals("/."))
+ return "/";
+
+ // Add a leading "/" if necessary
+ if (!normalized.startsWith("/"))
+ normalized = "/" + normalized;
+
+ // Resolve occurrences of "//" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("//");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 1);
+ }
+
+ // Resolve occurrences of "/./" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/./");
+ if (index < 0)
+ break;
+ normalized = normalized.substring(0, index) +
+ normalized.substring(index + 2);
+ }
+
+ // Resolve occurrences of "/../" in the normalized path
+ while (true) {
+ int index = normalized.indexOf("/../");
+ if (index < 0)
+ break;
+ if (index == 0)
+ return (null); // Trying to go outside our context
+ int index2 = normalized.lastIndexOf('/', index - 1);
+ normalized = normalized.substring(0, index2) +
+ normalized.substring(index + 3);
+ }
+
+ // Return the normalized path that we have completed
+ return (normalized);
}
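Review bot: The loops in normalize() match only `/./` and `/../` with a closing slash, so a path that ends in `/..` or `/.` (constructed example: `/a/b/..`) comes back with that segment unresolved; only the exact string `/.` is special-cased. HttpRequestBase.getRequestDispatcher() now feeds `servletPath + "/../" + path` through this method, so a caller-supplied `path` ending in `..` keeps a parent reference in the dispatcher path. One option is to add `if (normalized.endsWith("/.") || normalized.endsWith("/..")) normalized = normalized + "/";` before the loops, with the consequence that the result then ends in a slash. The Javadoc should also gain an `@return` line stating that null is returned when the path would climb above the root, and "it it" should read "in it".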