cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector HttpResponseBase.java

[patrickl]

patrickl    01/11/13 11:48:13

  Modified:    catalina/src/share/org/apache/catalina/connector Tag:
                        tomcat_40_branch HttpResponseBase.java
  Log:
  Trap uncaught exceptions thrown by certain malformed URIs and return SC_NOT_FOUND 
instead. These uncaught exceptions are thrown when URIs contain more "/.." directories 
than non "/.." directories. For example, http://localhost/.. and 
http://localhost/examples/../.. will both throw these uncaught exceptions.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.37.2.2  +11 -7     
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java
  
  Index: HttpResponseBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v
  retrieving revision 1.37.2.1
  retrieving revision 1.37.2.2
  diff -u -r1.37.2.1 -r1.37.2.2
  --- HttpResponseBase.java     2001/10/04 19:26:57     1.37.2.1
  +++ HttpResponseBase.java     2001/11/13 19:48:13     1.37.2.2
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v
 1.37.2.1 2001/10/04 19:26:57 remm Exp $
  - * $Revision: 1.37.2.1 $
  - * $Date: 2001/10/04 19:26:57 $
  + * $Header: 
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v
 1.37.2.2 2001/11/13 19:48:13 patrickl Exp $
  + * $Revision: 1.37.2.2 $
  + * $Date: 2001/11/13 19:48:13 $
    *
    * ====================================================================
    *
  @@ -101,7 +101,7 @@
    *
    * @author Craig R. McClanahan
    * @author Remy Maucherat
  - * @version $Revision: 1.37.2.1 $ $Date: 2001/10/04 19:26:57 $
  + * @version $Revision: 1.37.2.2 $ $Date: 2001/11/13 19:48:13 $
    */
   
   public class HttpResponseBase
  @@ -1087,9 +1087,13 @@
           resetBuffer();
   
           // Generate a temporary redirect to the specified location
  -        String absolute = toAbsolute(location);
  -        setStatus(SC_MOVED_TEMPORARILY);
  -        setHeader("Location", absolute);
  +        try {
  +            String absolute = toAbsolute(location);
  +            setStatus(SC_MOVED_TEMPORARILY);
  +            setHeader("Location", absolute);
  +        } catch (IllegalArgumentException e) {
  +            setStatus(SC_NOT_FOUND);
  +        }
   
       }
   
  
  
  

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>