Author: ron.sigal(a)jboss.com Date: 2009-09-01 15:34:01 -0400 (Tue, 01 Sep 2009) New Revision: 5418 Modified: remoting2/branches/2.x/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java Log: JBREM-1101: Checks that application supplied content-type doesn't have LF or CR. Modified: remoting2/branches/2.x/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java =================================================================== --- remoting2/branches/2.x/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java 2009-09-01 19:31:58 UTC (rev 5417) +++ remoting2/branches/2.x/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java 2009-09-01 19:34:01 UTC (rev 5418) @@ -480,10 +480,20 @@ { responseContentType = (String) responseMap.get("Content-Type"); } - if(responseContentType == null) + + if (responseContentType != null) { - responseContentType = responseObject == null ? requestContentType : WebUtil.getContentType(responseObject); + if (isInvalidContentType(responseContentType)) + { + log.warn("Ignoring invalid content-type from ServerInvocationHandler: " + responseContentType); + responseContentType = WebUtil.getContentType(responseObject); + } } + else + { + responseContentType = WebUtil.getContentType(responseObject); + } + log.info("responseContentType: " + responseContentType); response.setContentType(responseContentType); ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); Marshaller marshaller = getMarshaller(); @@ -513,6 +523,11 @@ return retval; } + static private boolean isInvalidContentType(String contentType) + { + return contentType.indexOf('\n') + contentType.indexOf('\r') > -2; + } + private boolean checkForNoExceptionReturn(Map headers) { boolean flag = false;