Author: remy.maucherat(a)jboss.com
Date: 2008-07-04 03:48:40 -0400 (Fri, 04 Jul 2008)
New Revision: 698
Modified:
trunk/java/org/apache/catalina/core/ApplicationContext.java
trunk/java/org/apache/catalina/core/StandardContextValve.java
trunk/java/org/apache/coyote/Constants.java
trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
trunk/java/org/apache/coyote/ajp/AjpProcessor.java
trunk/java/org/apache/coyote/http11/InternalAprOutputBuffer.java
trunk/java/org/apache/coyote/http11/InternalOutputBuffer.java
trunk/webapps/docs/changelog.xml
trunk/webapps/docs/sysprops.xml
Log:
- Port two Tomcat patches.
- No custom status message in headers by default.
- Query string fix in the request dispatcher (RD).
Modified: trunk/java/org/apache/catalina/core/ApplicationContext.java
===================================================================
--- trunk/java/org/apache/catalina/core/ApplicationContext.java 2008-07-03 14:22:35 UTC
(rev 697)
+++ trunk/java/org/apache/catalina/core/ApplicationContext.java 2008-07-04 07:48:40 UTC
(rev 698)
@@ -369,10 +369,21 @@
throw new IllegalArgumentException
(sm.getString
("applicationContext.requestDispatcher.iae", path));
+
+ // Get query string
+ String queryString = null;
+ int pos = path.indexOf('?');
+ if (pos >= 0) {
+ queryString = path.substring(pos + 1);
+ path = path.substring(0, pos);
+ }
+
path = normalize(path);
if (path == null)
return (null);
+ pos = path.length();
+
// Use the thread local URI and mapping data
DispatchData dd = dispatchData.get();
if (dd == null) {
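Review bot: Nothing at the new query-string split says why it has to run before `normalize(path)`, and that ordering is the whole fix, so a later tidy-up could move it back. I would add a comment above the block such as `// Split off the query string first so that its contents can never influence path normalization`. `pos` is also reused for two meanings (the index of `?`, then `path.length()` after normalization); a separate local or a comment like `// pos now marks the end of the normalized path` would make the later use easier to follow. The method begins and ends outside this hunk, so how `pos` is consumed further down is not visible here.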
@@ -383,15 +394,6 @@
MessageBytes uriMB = dd.uriMB;
uriMB.recycle();
- // Get query string
- String queryString = null;
- int pos = path.indexOf('?');
- if (pos >= 0) {
- queryString = path.substring(pos + 1);
- } else {
- pos = path.length();
- }
-
// Use the thread local mapping data
MappingData mappingData = dd.mappingData;
Modified: trunk/java/org/apache/catalina/core/StandardContextValve.java
===================================================================
--- trunk/java/org/apache/catalina/core/StandardContextValve.java 2008-07-03 14:22:35 UTC
(rev 697)
+++ trunk/java/org/apache/catalina/core/StandardContextValve.java 2008-07-04 07:48:40 UTC
(rev 698)
@@ -120,8 +120,7 @@
|| (requestPathMB.equalsIgnoreCase("/META-INF"))
|| (requestPathMB.startsWithIgnoreCase("/WEB-INF/", 0))
|| (requestPathMB.equalsIgnoreCase("/WEB-INF"))) {
- String requestURI = request.getDecodedRequestURI();
- notFound(requestURI, response);
+ notFound(response);
return;
}
@@ -148,15 +147,13 @@
// Select the Wrapper to be used for this Request
Wrapper wrapper = request.getWrapper();
if (wrapper == null) {
- String requestURI = request.getDecodedRequestURI();
- notFound(requestURI, response);
+ notFound(response);
return;
} else if (!wrapper.isStarted()) {
// May be as a result of a reload, try and find the new wrapper
wrapper = (Wrapper) container.findChild(wrapper.getName());
if (wrapper == null) {
- String requestURI = request.getDecodedRequestURI();
- notFound(requestURI, response);
+ notFound(response);
return;
}
}
@@ -308,10 +305,10 @@
* @param requestURI The request URI for the requested resource
* @param response The response we are creating
*/
- private void notFound(String requestURI, HttpServletResponse response) {
+ protected void notFound(HttpServletResponse response) {
try {
- response.sendError(HttpServletResponse.SC_NOT_FOUND, requestURI);
+ response.sendError(HttpServletResponse.SC_NOT_FOUND);
} catch (IllegalStateException e) {
;
} catch (IOException e) {
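Review bot: The Javadoc above `notFound` still carries `@param requestURI The request URI for the requested resource` although this hunk removes the parameter; that line should be deleted. The method also goes from `private` to `protected` without explanation, which lets subclasses override it; if that is intended, a sentence in the Javadoc would help, otherwise keep it `private`. A short why-comment such as `// Do not pass the request URI to sendError: it is client-controlled and would become the status message` would record the reason for the simpler call. The catch blocks continue past the end of the hunk.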
Modified: trunk/java/org/apache/coyote/Constants.java
===================================================================
--- trunk/java/org/apache/coyote/Constants.java 2008-07-03 14:22:35 UTC (rev 697)
+++ trunk/java/org/apache/coyote/Constants.java 2008-07-04 07:48:40 UTC (rev 698)
@@ -60,5 +60,12 @@
(System.getSecurityManager() != null);
+ /**
+ * If true, custom HTTP status messages will be used in headers.
+ */
+ public static final boolean USE_CUSTOM_STATUS_MSG_IN_HEADER =
+ Boolean.valueOf(System.getProperty(
+ "org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER",
+ "false")).booleanValue();
}
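Review bot: The Javadoc on `USE_CUSTOM_STATUS_MSG_IN_HEADER` does not say that the default is `false` or what enabling it requires of callers; the sysprops.xml entry in this same commit does, but the constant is where a maintainer will look first. Suggested wording: `If true, custom HTTP status messages will be used in headers. Defaults to false; when enabled, the message must be ISO-8859-1 encoded, particularly if it contains user-provided input.` The initializer could also be reduced to `Boolean.getBoolean("org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER")`, which yields `false` when the property is unset.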
Modified: trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
===================================================================
--- trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2008-07-03 14:22:35 UTC (rev
697)
+++ trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java 2008-07-04 07:48:40 UTC (rev
698)
@@ -915,7 +915,10 @@
// HTTP header contents
responseHeaderMessage.appendInt(response.getStatus());
- String message = response.getMessage();
+ String message = null;
+ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
+ message = response.getMessage();
+ }
if (message == null){
message = HttpMessages.getMessage(response.getStatus());
} else {
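Review bot: The `else` branch that handles a non-null custom message opens on the last line of this hunk and its body is outside it, so it cannot be confirmed from here that the AJP path strips `\r` and `\n` the way the HTTP/1.1 output buffers do in this commit with `message.replace('\n', ' ').replace('\r', ' ')`. If it does not already, the same replacement belongs there, because with the property enabled the message is again taken from `response.getMessage()`. The identical hunk in AjpProcessor.java raises the same question. Putting the filtering in one shared helper would keep the four call sites from drifting apart.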
Modified: trunk/java/org/apache/coyote/ajp/AjpProcessor.java
===================================================================
--- trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2008-07-03 14:22:35 UTC (rev 697)
+++ trunk/java/org/apache/coyote/ajp/AjpProcessor.java 2008-07-04 07:48:40 UTC (rev 698)
@@ -921,7 +921,10 @@
// HTTP header contents
responseHeaderMessage.appendInt(response.getStatus());
- String message = response.getMessage();
+ String message = null;
+ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
+ message = response.getMessage();
+ }
if (message == null){
message = HttpMessages.getMessage(response.getStatus());
} else {
Modified: trunk/java/org/apache/coyote/http11/InternalAprOutputBuffer.java
===================================================================
--- trunk/java/org/apache/coyote/http11/InternalAprOutputBuffer.java 2008-07-03 14:22:35
UTC (rev 697)
+++ trunk/java/org/apache/coyote/http11/InternalAprOutputBuffer.java 2008-07-04 07:48:40
UTC (rev 698)
@@ -430,11 +430,14 @@
buf[pos++] = Constants.SP;
// Write message
- String message = response.getMessage();
+ String message = null;
+ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
+ message = response.getMessage();
+ }
if (message == null) {
write(HttpMessages.getMessage(status));
} else {
- write(message);
+ write(message.replace('\n', ' ').replace('\r', '
'));
}
// End the response status line
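Review bot: The new `write(message.replace('\n', ' ').replace('\r', ' '))` filters only CR and LF; other control characters and anything outside ISO-8859-1 still reach `write()`, and the sysprops.xml text in this commit leaves that to the user. A comment on the call, for example `// Replace CR/LF so a custom message cannot end the status line early`, would record why the replacement is there and make it less likely to be dropped later. How `write(String)` encodes characters is not visible in this hunk, so it is worth confirming what happens to a non-Latin-1 character when the property is enabled. The same applies to the matching hunk in InternalOutputBuffer.java.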
Modified: trunk/java/org/apache/coyote/http11/InternalOutputBuffer.java
===================================================================
--- trunk/java/org/apache/coyote/http11/InternalOutputBuffer.java 2008-07-03 14:22:35 UTC
(rev 697)
+++ trunk/java/org/apache/coyote/http11/InternalOutputBuffer.java 2008-07-04 07:48:40 UTC
(rev 698)
@@ -422,11 +422,14 @@
buf[pos++] = Constants.SP;
// Write message
- String message = response.getMessage();
+ String message = null;
+ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
+ message = response.getMessage();
+ }
if (message == null) {
write(getMessage(status));
} else {
- write(message);
+ write(message.replace('\n', ' ').replace('\r', '
'));
}
// End the response status line
Modified: trunk/webapps/docs/changelog.xml
===================================================================
--- trunk/webapps/docs/changelog.xml 2008-07-03 14:22:35 UTC (rev 697)
+++ trunk/webapps/docs/changelog.xml 2008-07-04 07:48:40 UTC (rev 698)
@@ -95,6 +95,9 @@
<fix>
<jboss-jira>JBAS-5671</jboss-jira>: Check child the right child is
passed when removing it. (remm)
</fix>
+ <fix>
+ Extract the query string before normalization when getting a request dispatcher.
(remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
@@ -118,6 +121,9 @@
<bug>45272</bug>: IE is not fully compliant, and the redone cookies
could cause issues with
quoted paths. (fhanik)
</fix>
+ <fix>
+ Do not use custom messages in headers by default. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
Modified: trunk/webapps/docs/sysprops.xml
===================================================================
--- trunk/webapps/docs/sysprops.xml 2008-07-03 14:22:35 UTC (rev 697)
+++ trunk/webapps/docs/sysprops.xml 2008-07-04 07:48:40 UTC (rev 698)
@@ -110,11 +110,34 @@
with that id.</p>
</property>
+ <property
+ name="org.apache.coyote. USE_CUSTOM_STATUS_MSG_IN_HEADER">
+ <p>If this is <code>true</code> custom HTTP status messages will
be used
+ within HTTP headers. Users must ensure that any such message is
+ ISO-8859-1 encoded, particularly if user provided input is included in
+ the message, to prevent a possible XSS vulnerability. If not specified
+ the default value of <code>false</code> will be used.</p>
+ </property>
+
</properties>
</section>
+<section name="EL">
+ <properties>
+
+ <property name="org.apache.el.parser.COERCE_TO_ZERO">
+ <p>If <code>true</code>, when coercing expressions to numbers
+ <code>""</code> and <code>null</code> will be
coerced to zero as required
+ by the specification. If not specified, the default value of
+ <code>true</code> will be used.</p>
+ </property>
+
+ </properties>
+</section>
+
+
<section name="JSP">
<properties>
@@ -130,6 +153,13 @@
be used.</p>
</property>
+ <property name="org.apache.jasper.compiler.
Parser.STRICT_QUOTE_ESCAPING">
+ <p>If <code>false</code> the requirements for escpaing quotes in
JSP
+ attributes will be relaxed so that a missing required quote will not
+ cause an error. If not specified, the specification compliant default of
+ <code>true</code> will be used.</p>
+ </property>
+
<!--
<property name="org.apache.jasper.runtime.
BodyContentImpl.LIMIT_BUFFER">
<p>If <code>true</code>, any tag buffer that expands beyond