[jboss-remoting-commits] JBoss Remoting SVN: r5413 - remoting2/branches/2.2/src/main/org/jboss/remoting/transport/coyote.

jboss-remoting-commits at lists.jboss.org jboss-remoting-commits at lists.jboss.org
Mon Aug 31 23:00:06 EDT 2009 

Author: ron.sigal at jboss.com
Date: 2009-08-31 23:00:06 -0400 (Mon, 31 Aug 2009)
New Revision: 5413

Modified:
   remoting2/branches/2.2/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java
Log:
JBREM-1101: Checks that application supplied content-type doesn't have LF or CR.

Modified: remoting2/branches/2.2/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java
===================================================================
--- remoting2/branches/2.2/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java	2009-09-01 02:54:00 UTC (rev 5412)
+++ remoting2/branches/2.2/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java	2009-09-01 03:00:06 UTC (rev 5413)
@@ -436,10 +436,42 @@
          case Version.VERSION_2_2:
          {
             String responseContentType = (String) response.get("Content-Type");
-            if(responseContentType == null)
+            if (responseContentType != null)
             {
-               responseContentType = responseObject == null ? req.getContentType() : WebUtil.getContentType(responseObject);
+               if (isInvalidContentType(responseContentType))
+               {
+                  log.warn("Ignoring invalid content-type from ServerInvocationHandler: " + responseContentType);
+                  if (responseObject == null)
+                  {
+                     responseContentType = req.getContentType();
+                     if (isInvalidContentType(responseContentType))
+                     {
+                        log.warn("Ignoring invalid content-type from request: " + responseContentType);
+                        responseContentType = WebUtil.getContentType(responseObject); 
+                     }
+                  }
+                  else
+                  {
+                     responseContentType = WebUtil.getContentType(responseObject); 
+                  }
+               }
             }
+            else
+            {
+               if (responseObject == null)
+               {
+                  responseContentType = req.getContentType();
+                  if (isInvalidContentType(responseContentType))
+                  {
+                     log.warn("Ignoring invalid content-type from request: " + responseContentType);
+                     responseContentType = WebUtil.getContentType(responseObject); 
+                  }
+               }
+               else
+               {
+                  responseContentType = WebUtil.getContentType(responseObject); 
+               }
+            }
             res.setContentType(responseContentType);
             
             if (responseObject instanceof String)
@@ -1046,4 +1078,9 @@
       return new String(chars);
    }
 
+   
+   static private boolean isInvalidContentType(String contentType)
+   {
+      return contentType.indexOf('\n') + contentType.indexOf('\r') > -2;
+   }
 }

More information about the jboss-remoting-commits mailing list