[jboss-remoting-commits] JBoss Remoting SVN: r5411 - remoting2/branches/2.x/src/main/org/jboss/remoting/transport/coyote.

jboss-remoting-commits at lists.jboss.org jboss-remoting-commits at lists.jboss.org
Mon Aug 31 22:52:51 EDT 2009


Author: ron.sigal at jboss.com
Date: 2009-08-31 22:52:51 -0400 (Mon, 31 Aug 2009)
New Revision: 5411

Modified:
   remoting2/branches/2.x/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java
Log:
JBREM-1101: Checks that application supplied content-type doesn't have LF or CR.

Modified: remoting2/branches/2.x/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java
===================================================================
--- remoting2/branches/2.x/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java	2009-08-31 21:43:58 UTC (rev 5410)
+++ remoting2/branches/2.x/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java	2009-09-01 02:52:51 UTC (rev 5411)
@@ -509,10 +509,42 @@
          case Version.VERSION_2_2:
          {
             String responseContentType = (String) response.get("Content-Type");
-            if(responseContentType == null)
+            if (responseContentType != null)
             {
-               responseContentType = responseObject == null ? req.getContentType() : WebUtil.getContentType(responseObject);
+               if (isInvalidContentType(responseContentType))
+               {
+                  log.warn("Ignoring invalid content-type from ServerInvocationHandler: " + responseContentType);
+                  if (responseObject == null)
+                  {
+                     responseContentType = req.getContentType();
+                     if (isInvalidContentType(responseContentType))
+                     {
+                        log.warn("Ignoring invalid content-type from request: " + responseContentType);
+                        responseContentType = WebUtil.getContentType(responseObject); 
+                     }
+                  }
+                  else
+                  {
+                     responseContentType = WebUtil.getContentType(responseObject); 
+                  }
+               }
             }
+            else
+            {
+               if (responseObject == null)
+               {
+                  responseContentType = req.getContentType();
+                  if (isInvalidContentType(responseContentType))
+                  {
+                     log.warn("Ignoring invalid content-type from request: " + responseContentType);
+                     responseContentType = WebUtil.getContentType(responseObject); 
+                  }
+               }
+               else
+               {
+                  responseContentType = WebUtil.getContentType(responseObject); 
+               }
+            }
             res.setContentType(responseContentType);
             
             if (responseObject instanceof String)
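Review bot: The three new `log.warn` calls concatenate the rejected content-type into the message, and that value was rejected precisely because it contains CR or LF, so each rejection can write forged-looking extra lines into the server log. Neutralise the line breaks before logging, for example `log.warn("Ignoring invalid content-type from ServerInvocationHandler: " + responseContentType.replace('\r', ' ').replace('\n', ' '));`, and do the same for the two "from request" messages. The request-fallback sequence is also written out twice, once in the invalid-handler branch and once in the else branch; a small private helper would keep the two copies from drifting apart. The enclosing switch case starts and continues outside this hunk, so whether the other version cases set the header without this check cannot be seen here.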
@@ -1168,6 +1200,11 @@
       return true;
    }
    
+   static private boolean isInvalidContentType(String contentType)
+   {
+      return contentType.indexOf('\n') + contentType.indexOf('\r') > -2;
+   }
+   
    static private Object forName(final String className) throws ClassNotFoundException
    {
       if (SecurityUtility.skipAccessControl())
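Review bot: `isInvalidContentType` dereferences `contentType` without a null check, while two of its new call sites in the first hunk pass the result of `req.getContentType()`, which presumably is null when the request carries no Content-Type header. If so, a response with no handler-supplied type and a null response object would now fail with a NullPointerException where the previous code passed the value through to `res.setContentType`. The summed-`indexOf` comparison is correct but hard to read at a glance. Suggest `return contentType != null && (contentType.indexOf('\n') >= 0 || contentType.indexOf('\r') >= 0);`, declared `private static`, with a one-line comment saying CR and LF are rejected so the value cannot split the response header.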


