[jboss-remoting-commits] JBoss Remoting SVN: r5424 - remoting2/branches/2.2/src/main/org/jboss/remoting/transport/servlet.

jboss-remoting-commits at lists.jboss.org jboss-remoting-commits at lists.jboss.org
Tue Sep 1 21:02:41 EDT 2009


Author: ron.sigal at jboss.com
Date: 2009-09-01 21:02:41 -0400 (Tue, 01 Sep 2009)
New Revision: 5424

Modified:
   remoting2/branches/2.2/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java
Log:
JBREM-1101: Checks that application supplied content-type doesn't have LF or CR.

Modified: remoting2/branches/2.2/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java
===================================================================
--- remoting2/branches/2.2/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java	2009-09-02 00:45:56 UTC (rev 5423)
+++ remoting2/branches/2.2/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java	2009-09-02 01:02:41 UTC (rev 5424)
@@ -251,7 +251,14 @@
 
          if(invocationResponse != null)
          {
-            response.setContentType(requestContentType);
+            if (isInvalidContentType(requestContentType))
+            {
+               log.warn("Ignoring invalid content-type from client: " + requestContentType);
+            }
+            else
+            {
+               response.setContentType(requestContentType);
+            }
             int iContentLength = getContentLength(invocationResponse);
             response.setContentLength(iContentLength);
             ServletOutputStream outputStream = response.getOutputStream();
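Review bot: The rejected value is written to the log verbatim in `log.warn("Ignoring invalid content-type from client: " + requestContentType)`, so the CR/LF that the new check keeps out of the response header can still break up or forge log entries. The ServerInvocationHandler warning in the second hunk has the same problem. Neutralise line breaks before logging, for example `requestContentType.replace('\r', ' ').replace('\n', ' ')`, or log only that the value was rejected along with its length. The enclosing method starts and ends outside this hunk.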
@@ -477,10 +484,19 @@
             {
                responseContentType = (String) responseMap.get("Content-Type");
             }
-            if(responseContentType == null)
+            
+            if (responseContentType != null)
             {
-               responseContentType = responseObject == null ? requestContentType : WebUtil.getContentType(responseObject);
+               if (isInvalidContentType(responseContentType))
+               {
+                  log.warn("Ignoring invalid content-type from ServerInvocationHandler: " + responseContentType);
+                  responseContentType = WebUtil.getContentType(responseObject); 
+               }
             }
+            else
+            {
+               responseContentType = WebUtil.getContentType(responseObject); 
+            }
             response.setContentType(responseContentType);
             ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
             Marshaller marshaller = getMarshaller();
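Review bot: The new `else` branch changes the default when the handler supplies no Content-Type. The old code fell back to requestContentType when responseObject was null, while the new code always calls `WebUtil.getContentType(responseObject)`, and the invalid-value branch makes the same call. WebUtil is not visible here, so please confirm it tolerates a null responseObject and that dropping the request-type fallback is intended, since the log message for JBREM-1101 does not mention it. A short comment such as `// never echo the client's content-type here; derive it from the response object` would record the reason. The enclosing method extends beyond this hunk.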
@@ -510,6 +526,11 @@
       return retval;
    }
    
+   static private boolean isInvalidContentType(String contentType)
+   {
+      return contentType.indexOf('\n') + contentType.indexOf('\r') > -2;
+   }
+   
    private boolean checkForExceptionReturn(Map headers)
    {
       boolean flag = false;
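Review bot: `isInvalidContentType` dereferences contentType without a null check, and the first hunk calls it on requestContentType with no visible guard, so a request without a Content-Type would presumably throw a NullPointerException where the old code passed null through to setContentType. The summed comparison `indexOf('\n') + indexOf('\r') > -2` is correct but hard to verify at a glance. I would write `return contentType != null && (contentType.indexOf('\n') >= 0 || contentType.indexOf('\r') >= 0);` and add a one-line comment that the check exists to prevent HTTP response header splitting. The check covers only CR and LF; whether other control characters should also be rejected is worth deciding explicitly.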


