Author: ron.sigal(a)jboss.com
Date: 2009-09-01 21:02:41 -0400 (Tue, 01 Sep 2009)
New Revision: 5424
Modified:
remoting2/branches/2.2/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java
Log:
JBREM-1101: Checks that application supplied content-type doesn't have LF or CR.
Modified:
remoting2/branches/2.2/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java
===================================================================
---
remoting2/branches/2.2/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java 2009-09-02
00:45:56 UTC (rev 5423)
+++
remoting2/branches/2.2/src/main/org/jboss/remoting/transport/servlet/ServletServerInvoker.java 2009-09-02
01:02:41 UTC (rev 5424)
@@ -251,7 +251,14 @@
if(invocationResponse != null)
{
- response.setContentType(requestContentType);
+ if (isInvalidContentType(requestContentType))
+ {
+ log.warn("Ignoring invalid content-type from client: " +
requestContentType);
+ }
+ else
+ {
+ response.setContentType(requestContentType);
+ }
int iContentLength = getContentLength(invocationResponse);
response.setContentLength(iContentLength);
ServletOutputStream outputStream = response.getOutputStream();
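Review bot: The new `log.warn("Ignoring invalid content-type from client: " + requestContentType)` writes the rejected value into the log verbatim, and that value is rejected precisely because it contains CR or LF. The input that could no longer split the response header can therefore still forge extra log lines. The `log.warn` in the second hunk has the same problem with the handler-supplied value. Neutralise the line breaks before logging, for example `requestContentType.replace('\r', ' ').replace('\n', ' ')`, or log only that the header was rejected. The enclosing method starts and ends outside this hunk.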
@@ -477,10 +484,19 @@
{
responseContentType = (String) responseMap.get("Content-Type");
}
- if(responseContentType == null)
+
+ if (responseContentType != null)
{
- responseContentType = responseObject == null ? requestContentType :
WebUtil.getContentType(responseObject);
+ if (isInvalidContentType(responseContentType))
+ {
+ log.warn("Ignoring invalid content-type from
ServerInvocationHandler: " + responseContentType);
+ responseContentType = WebUtil.getContentType(responseObject);
+ }
}
+ else
+ {
+ responseContentType = WebUtil.getContentType(responseObject);
+ }
response.setContentType(responseContentType);
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
Marshaller marshaller = getMarshaller();
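Review bot: The fallback for a missing handler content type no longer special-cases `responseObject == null`. The removed line used `requestContentType` in that case, while both new branches call `WebUtil.getContentType(responseObject)` unconditionally. Whether that helper tolerates null is not visible here, so a null response may now fail or get a different content type than before. If the old fallback is still wanted, restore the ternary but use `requestContentType` only after it has passed `isInvalidContentType`, since it is client-supplied. Otherwise add a comment such as `// requestContentType is untrusted; never echo it back here` so the dropped fallback reads as intentional.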
@@ -510,6 +526,11 @@
return retval;
}
+ static private boolean isInvalidContentType(String contentType)
+ {
+ return contentType.indexOf('\n') + contentType.indexOf('\r') >
-2;
+ }
+
private boolean checkForExceptionReturn(Map headers)
{
boolean flag = false;
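Review bot: `isInvalidContentType` throws a NullPointerException on a null argument, and the call in the first hunk passes `requestContentType` with no null check, whereas the call in the second hunk is guarded. If a request can arrive without a Content-Type, which these hunks do not show, the response path now throws where it previously called `setContentType(null)`. The sum-of-indexes test is correct only because `indexOf` returns -1 on a miss, and it is hard to read. Suggest `return contentType != null && (contentType.indexOf('\n') >= 0 || contentType.indexOf('\r') >= 0);` with a comment like `// CR/LF in a header value would allow HTTP response splitting`.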