JBoss Remoting SVN: r5411 - remoting2/branches/2.x/src/main/org/jboss/remoting/transport/coyote.
by jboss-remoting-commits@lists.jboss.org
Author: ron.sigal(a)jboss.com
Date: 2009-08-31 22:52:51 -0400 (Mon, 31 Aug 2009)
New Revision: 5411
Modified:
remoting2/branches/2.x/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java
Log:
JBREM-1101: Checks that application supplied content-type doesn't have LF or CR.
Modified: remoting2/branches/2.x/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java
===================================================================
--- remoting2/branches/2.x/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java 2009-08-31 21:43:58 UTC (rev 5410)
+++ remoting2/branches/2.x/src/main/org/jboss/remoting/transport/coyote/CoyoteInvoker.java 2009-09-01 02:52:51 UTC (rev 5411)
@@ -509,10 +509,42 @@
case Version.VERSION_2_2:
{
String responseContentType = (String) response.get("Content-Type");
- if(responseContentType == null)
+ if (responseContentType != null)
{
- responseContentType = responseObject == null ? req.getContentType() : WebUtil.getContentType(responseObject);
+ if (isInvalidContentType(responseContentType))
+ {
+ log.warn("Ignoring invalid content-type from ServerInvocationHandler: " + responseContentType);
+ if (responseObject == null)
+ {
+ responseContentType = req.getContentType();
+ if (isInvalidContentType(responseContentType))
+ {
+ log.warn("Ignoring invalid content-type from request: " + responseContentType);
+ responseContentType = WebUtil.getContentType(responseObject);
+ }
+ }
+ else
+ {
+ responseContentType = WebUtil.getContentType(responseObject);
+ }
+ }
}
+ else
+ {
+ if (responseObject == null)
+ {
+ responseContentType = req.getContentType();
+ if (isInvalidContentType(responseContentType))
+ {
+ log.warn("Ignoring invalid content-type from request: " + responseContentType);
+ responseContentType = WebUtil.getContentType(responseObject);
+ }
+ }
+ else
+ {
+ responseContentType = WebUtil.getContentType(responseObject);
+ }
+ }
res.setContentType(responseContentType);
if (responseObject instanceof String)
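Review bot: The three new `log.warn` calls concatenate the rejected content-type into the message while it still contains the CR or LF that made it invalid, so a value supplied by the handler or the request can split the warning across lines and make the log appear to hold entries that were never written. Log it in escaped form, e.g. `log.warn("Ignoring invalid content-type from ServerInvocationHandler: " + responseContentType.replace("\r", "\\r").replace("\n", "\\n"));`, and do the same for the two "from request" warnings. Separately, the `responseObject == null` fallback is written out twice in identical form, and a small private helper would keep the two copies from drifting apart. The enclosing `case Version.VERSION_2_2:` block starts and ends outside the hunk.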
@@ -1168,6 +1200,11 @@
return true;
}
+ static private boolean isInvalidContentType(String contentType)
+ {
+ return contentType.indexOf('\n') + contentType.indexOf('\r') > -2;
+ }
+
static private Object forName(final String className) throws ClassNotFoundException
{
if (SecurityUtility.skipAccessControl())
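Review bot: `isInvalidContentType` dereferences its argument without a null check, and the first hunk passes it the result of `req.getContentType()` directly. If that can be null when the request carries no Content-Type header (not visible here), the call throws a NullPointerException instead of falling through to `WebUtil.getContentType(responseObject)`. The index-sum comparison is correct but hard to read at a glance. Suggest `return contentType != null && (contentType.indexOf('\n') >= 0 || contentType.indexOf('\r') >= 0);`. `forName`, which follows the new method, continues outside the hunk.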