glenn 2003/01/02 05:03:16
Modified: catalina/src/share/org/apache/catalina/valves
RequestFilterValve.java
Log:
Catch null pointer property to match on, deny by default if found
Revision Changes Path
1.5 +16 -4
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves/RequestFilterValve.java
Index: RequestFilterValve.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/valves/RequestFilterValve.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- RequestFilterValve.java 22 Jul 2001 20:25:15 -0000 1.4
+++ RequestFilterValve.java 2 Jan 2003 13:03:16 -0000 1.5
@@ -306,6 +306,18 @@
ValveContext context)
throws IOException, ServletException {
+ // Default to deny request if property is null
+ if (property == null) {
+ ServletResponse sres = response.getResponse();
+ if (sres instanceof HttpServletResponse) {
+ HttpServletResponse hres = (HttpServletResponse) sres;
+ hres.sendError(HttpServletResponse.SC_FORBIDDEN);
+ }
+ Exception e = new IllegalArgumentException();
+ getContainer().getLogger().log(e,"Request Denied, no property to filter
on");
+ return;
+ }
+
// Check the deny patterns, if any
for (int i = 0; i < denies.length; i++) {
if (denies[i].match(property)) {
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
