remm 2002/10/10 02:07:34
Modified: coyote/src/java/org/apache/coyote/tomcat5 CoyoteAdapter.java
CoyoteConnector.java
Log:
- Remove slow and ugly 4.0.x only code.
Revision Changes Path
1.4 +4 -105
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteAdapter.java
Index: CoyoteAdapter.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteAdapter.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- CoyoteAdapter.java 4 Oct 2002 19:27:09 -0000 1.3
+++ CoyoteAdapter.java 10 Oct 2002 09:07:33 -0000 1.4
@@ -286,22 +286,6 @@
// Parse session Id
parseSessionId(req, request);
- // Additional URI normalization and validation is needed for security
- // reasons on Tomcat 4.0.x
- if (connector.getUseURIValidationHack()) {
- String uri = validate(request.getRequestURI());
- if (uri == null) {
- res.setStatus(400);
- res.setMessage("Invalid URI");
- throw new IOException("Invalid URI");
- } else {
- req.requestURI().setString(uri);
- // Redoing the URI decoding
- req.decodedURI().duplicate(req.requestURI());
- req.getURLDecoder().convert(req.decodedURI(), true);
- }
- }
-
// Parse cookies
parseCookies(req, request);
@@ -391,91 +375,6 @@
}
request.setCookies(cookies);
-
- }
-
-
- /**
- * Return a context-relative path, beginning with a "/", that represents
- * the canonical version of the specified path after ".." and "." elements
- * are resolved out. If the specified path attempts to go outside the
- * boundaries of the current context (i.e. too many ".." path elements
- * are present), return <code>null</code> instead.
- * This code is not optimized, and is only needed for Tomcat 4.0.x.
- *
- * @param path Path to be validated
- */
- protected static String validate(String path) {
-
- if (path == null)
- return null;
-
- // Create a place for the normalized path
- String normalized = path;
-
- // Normalize "/%7E" and "/%7e" at the beginning to "/~"
- if (normalized.startsWith("/%7E") ||
- normalized.startsWith("/%7e"))
- normalized = "/~" + normalized.substring(4);
-
- // Prevent encoding '%', '/', '.' and '\', which are special reserved
- // characters
- if ((normalized.indexOf("%25") >= 0)
- || (normalized.indexOf("%2F") >= 0)
- || (normalized.indexOf("%2E") >= 0)
- || (normalized.indexOf("%5C") >= 0)
- || (normalized.indexOf("%2f") >= 0)
- || (normalized.indexOf("%2e") >= 0)
- || (normalized.indexOf("%5c") >= 0)) {
- return null;
- }
-
- if (normalized.equals("/."))
- return "/";
-
- // Normalize the slashes and add leading slash if necessary
- if (normalized.indexOf('\\') >= 0)
- normalized = normalized.replace('\\', '/');
- if (!normalized.startsWith("/"))
- normalized = "/" + normalized;
-
- // Resolve occurrences of "//" in the normalized path
- while (true) {
- int index = normalized.indexOf("//");
- if (index < 0)
- break;
- normalized = normalized.substring(0, index) +
- normalized.substring(index + 1);
- }
-
- // Resolve occurrences of "/./" in the normalized path
- while (true) {
- int index = normalized.indexOf("/./");
- if (index < 0)
- break;
- normalized = normalized.substring(0, index) +
- normalized.substring(index + 2);
- }
-
- // Resolve occurrences of "/../" in the normalized path
- while (true) {
- int index = normalized.indexOf("/../");
- if (index < 0)
- break;
- if (index == 0)
- return (null); // Trying to go outside our context
- int index2 = normalized.lastIndexOf('/', index - 1);
- normalized = normalized.substring(0, index2) +
- normalized.substring(index + 3);
- }
-
- // Declare occurrences of "/..." (three or more dots) to be invalid
- // (on some Windows platforms this walks the directory tree!!!)
- if (normalized.indexOf("/...") >= 0)
- return (null);
-
- // Return the normalized path that we have completed
- return (normalized);
}
1.2 +4 -32
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteConnector.java
Index: CoyoteConnector.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteConnector.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- CoyoteConnector.java 4 Aug 2002 19:39:49 -0000 1.1
+++ CoyoteConnector.java 10 Oct 2002 09:07:33 -0000 1.2
@@ -306,12 +306,6 @@
/**
- * Use URI validation for Tomcat 5.0.x.
- */
- private boolean useURIValidationHack = true;
-
-
- /**
* Coyote protocol handler.
*/
private ProtocolHandler protocolHandler = null;
@@ -785,28 +779,6 @@
public void setTcpNoDelay(boolean tcpNoDelay) {
this.tcpNoDelay = tcpNoDelay;
-
- }
-
-
- /**
- * Return the value of the Uri validation flag.
- */
- public boolean getUseURIValidationHack() {
-
- return (this.useURIValidationHack);
-
- }
-
-
- /**
- * Set the value of the Uri validation flag.
- *
- * @param useURIValidationHack The new flag value
- */
- public void setUseURIValidationHack(boolean useURIValidationHack) {
-
- this.useURIValidationHack = useURIValidationHack;
}
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
