Author: remy.maucherat(a)jboss.com
Date: 2008-08-04 07:15:14 -0400 (Mon, 04 Aug 2008)
New Revision: 733
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationContext.java
Log:
- CVE-2008-2370: request dispatcher query string.
Modified:
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationContext.java
===================================================================
---
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationContext.java 2008-07-29
15:41:07 UTC (rev 732)
+++
branches/JBOSSWEB_2_0_0_GA_CP/src/share/classes/org/apache/catalina/core/ApplicationContext.java 2008-08-04
11:15:14 UTC (rev 733)
@@ -368,10 +368,21 @@
throw new IllegalArgumentException
(sm.getString
("applicationContext.requestDispatcher.iae", path));
+
+ // Get query string
+ String queryString = null;
+ int pos = path.indexOf('?');
+ if (pos >= 0) {
+ queryString = path.substring(pos + 1);
+ path = path.substring(0, pos);
+ }
+
path = normalize(path);
if (path == null)
return (null);
+ pos = path.length();
+
// Use the thread local URI and mapping data
DispatchData dd = dispatchData.get();
if (dd == null) {
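Review bot: The added `// Get query string` comment does not say why the split now has to happen before `normalize(path)`, and that ordering is the whole fix the log attributes to CVE-2008-2370; a later tidy-up could move the block back below the normalization without noticing. I would word it as `// Strip the query string before normalize() so that only the path is normalized; dot segments in parameters must never reach normalize() (CVE-2008-2370)`. Separately, `pos` first holds the index of '?' and is then overwritten by `pos = path.length();`, so one variable carries two meanings. A short comment such as `// pos now marks the end of the normalized path` would help, since the code that consumes it lies outside this hunk. The enclosing method starts and ends outside the hunk.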
@@ -382,15 +393,6 @@
MessageBytes uriMB = dd.uriMB;
uriMB.recycle();
- // Get query string
- String queryString = null;
- int pos = path.indexOf('?');
- if (pos >= 0) {
- queryString = path.substring(pos + 1);
- } else {
- pos = path.length();
- }
-
// Use the thread local mapping data
MappingData mappingData = dd.mappingData;