Revert r1647051
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1647507 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/java/org/apache/catalina/connector/Response.java b/java/org/apache/catalina/connector/Response.java
index 0d58c53..91dc589 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -45,12 +45,12 @@
import org.apache.catalina.Session;
import org.apache.catalina.Wrapper;
import org.apache.catalina.security.SecurityUtil;
+import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.SessionConfig;
import org.apache.coyote.ActionCode;
import org.apache.tomcat.util.buf.CharChunk;
import org.apache.tomcat.util.buf.UEncoder;
import org.apache.tomcat.util.http.FastHttpDateFormat;
-import org.apache.tomcat.util.http.HttpMessages;
import org.apache.tomcat.util.http.MimeHeaders;
import org.apache.tomcat.util.http.parser.MediaTypeCache;
import org.apache.tomcat.util.net.URL;
@@ -1297,7 +1297,7 @@
if (getContext().getSendRedirectBody()) {
PrintWriter writer = getWriter();
writer.print(sm.getString("coyoteResponse.sendRedirect.note",
- HttpMessages.filter(absolute)));
+ RequestUtil.filter(absolute)));
flushBuffer();
}
} catch (IllegalArgumentException e) {
diff --git a/java/org/apache/catalina/manager/HTMLManagerServlet.java b/java/org/apache/catalina/manager/HTMLManagerServlet.java
index 3097ceb..83d33ed 100644
--- a/java/org/apache/catalina/manager/HTMLManagerServlet.java
+++ b/java/org/apache/catalina/manager/HTMLManagerServlet.java
@@ -49,9 +49,9 @@
import org.apache.catalina.manager.util.ReverseComparator;
import org.apache.catalina.manager.util.SessionUtils;
import org.apache.catalina.util.ContextName;
+import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.ServerInfo;
import org.apache.catalina.util.URLEncoder;
-import org.apache.tomcat.util.http.HttpMessages;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -356,7 +356,7 @@
if (message == null || message.length() == 0) {
args[1] = "OK";
} else {
- args[1] = HttpMessages.filter(message);
+ args[1] = RequestUtil.filter(message);
}
writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
@@ -447,19 +447,19 @@
args = new Object[7];
args[0] = "<a href=\"" + URL_ENCODER.encode(contextPath + "/")
- + "\">" + HttpMessages.filter(displayPath) + "</a>";
+ + "\">" + RequestUtil.filter(displayPath) + "</a>";
if ("".equals(ctxt.getWebappVersion())) {
args[1] = noVersion;
} else {
- args[1] = HttpMessages.filter(ctxt.getWebappVersion());
+ args[1] = RequestUtil.filter(ctxt.getWebappVersion());
}
if (ctxt.getDisplayName() == null) {
args[2] = " ";
} else {
- args[2] = HttpMessages.filter(ctxt.getDisplayName());
+ args[2] = RequestUtil.filter(ctxt.getDisplayName());
}
args[3] = Boolean.valueOf(ctxt.getState().isAvailable());
- args[4] = HttpMessages.filter(response.encodeURL(request.getContextPath() +
+ args[4] = RequestUtil.filter(response.encodeURL(request.getContextPath() +
"/html/sessions?" + pathVersion));
Manager manager = ctxt.getManager();
if (manager instanceof DistributedManager && showProxySessions) {
@@ -477,19 +477,19 @@
(MessageFormat.format(APPS_ROW_DETAILS_SECTION, args));
args = new Object[14];
- args[0] = HttpMessages.filter(response.encodeURL(request
+ args[0] = RequestUtil.filter(response.encodeURL(request
.getContextPath() + "/html/start?" + pathVersion));
args[1] = appsStart;
- args[2] = HttpMessages.filter(response.encodeURL(request
+ args[2] = RequestUtil.filter(response.encodeURL(request
.getContextPath() + "/html/stop?" + pathVersion));
args[3] = appsStop;
- args[4] = HttpMessages.filter(response.encodeURL(request
+ args[4] = RequestUtil.filter(response.encodeURL(request
.getContextPath() + "/html/reload?" + pathVersion));
args[5] = appsReload;
- args[6] = HttpMessages.filter(response.encodeURL(request
+ args[6] = RequestUtil.filter(response.encodeURL(request
.getContextPath() + "/html/undeploy?" + pathVersion));
args[7] = appsUndeploy;
- args[8] = HttpMessages.filter(response.encodeURL(request
+ args[8] = RequestUtil.filter(response.encodeURL(request
.getContextPath() + "/html/expire?" + pathVersion));
args[9] = appsExpire;
args[10] = smClient.getString(
@@ -829,14 +829,14 @@
}
throw new IllegalArgumentException(smClient.getString(
"managerServlet.invalidPath",
- HttpMessages.filter(path)));
+ RequestUtil.filter(path)));
}
Context ctxt = (Context) host.findChild(cn.getName());
if (null == ctxt) {
throw new IllegalArgumentException(smClient.getString(
"managerServlet.noContext",
- HttpMessages.filter(cn.getDisplayName())));
+ RequestUtil.filter(cn.getDisplayName())));
}
Manager manager = ctxt.getManager();
List<Session> sessions = new ArrayList<>();
diff --git a/java/org/apache/catalina/manager/ManagerServlet.java b/java/org/apache/catalina/manager/ManagerServlet.java
index 482f26c..47ec336 100644
--- a/java/org/apache/catalina/manager/ManagerServlet.java
+++ b/java/org/apache/catalina/manager/ManagerServlet.java
@@ -56,10 +56,10 @@
import org.apache.catalina.core.StandardHost;
import org.apache.catalina.startup.ExpandWar;
import org.apache.catalina.util.ContextName;
+import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.ServerInfo;
import org.apache.tomcat.util.Diagnostics;
import org.apache.tomcat.util.ExceptionUtils;
-import org.apache.tomcat.util.http.HttpMessages;
import org.apache.tomcat.util.modeler.Registry;
import org.apache.tomcat.util.res.StringManager;
@@ -995,7 +995,7 @@
Context context = (Context) host.findChild(cn.getName());
if (context == null) {
writer.println(smClient.getString("managerServlet.noContext",
- HttpMessages.filter(cn.getDisplayName())));
+ RequestUtil.filter(cn.getDisplayName())));
return;
}
// It isn't possible for the manager to reload itself
@@ -1163,13 +1163,13 @@
Context context = (Context) host.findChild(cn.getName());
if (context == null) {
writer.println(smClient.getString("managerServlet.noContext",
- HttpMessages.filter(displayPath)));
+ RequestUtil.filter(displayPath)));
return;
}
Manager manager = context.getManager() ;
if(manager == null) {
writer.println(smClient.getString("managerServlet.noManager",
- HttpMessages.filter(displayPath)));
+ RequestUtil.filter(displayPath)));
return;
}
int maxCount = 60;
@@ -1287,7 +1287,7 @@
Context context = (Context) host.findChild(cn.getName());
if (context == null) {
writer.println(smClient.getString("managerServlet.noContext",
- HttpMessages.filter(displayPath)));
+ RequestUtil.filter(displayPath)));
return;
}
context.start();
@@ -1332,7 +1332,7 @@
Context context = (Context) host.findChild(cn.getName());
if (context == null) {
writer.println(smClient.getString("managerServlet.noContext",
- HttpMessages.filter(displayPath)));
+ RequestUtil.filter(displayPath)));
return;
}
// It isn't possible for the manager to stop itself
@@ -1379,13 +1379,13 @@
Context context = (Context) host.findChild(name);
if (context == null) {
writer.println(smClient.getString("managerServlet.noContext",
- HttpMessages.filter(displayPath)));
+ RequestUtil.filter(displayPath)));
return;
}
if (!isDeployed(name)) {
writer.println(smClient.getString("managerServlet.notDeployed",
- HttpMessages.filter(displayPath)));
+ RequestUtil.filter(displayPath)));
return;
}
@@ -1578,7 +1578,7 @@
String path = null;
if (cn != null) {
- path = HttpMessages.filter(cn.getPath());
+ path = RequestUtil.filter(cn.getPath());
}
writer.println(sm.getString("managerServlet.invalidPath", path));
return false;
diff --git a/java/org/apache/catalina/manager/StatusTransformer.java b/java/org/apache/catalina/manager/StatusTransformer.java
index 2add1fe..6d97d14 100644
--- a/java/org/apache/catalina/manager/StatusTransformer.java
+++ b/java/org/apache/catalina/manager/StatusTransformer.java
@@ -37,8 +37,8 @@
import javax.management.ObjectName;
import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.util.RequestUtil;
import org.apache.tomcat.util.ExceptionUtils;
-import org.apache.tomcat.util.http.HttpMessages;
/**
* This is a refactoring of the servlet to externalize
@@ -504,7 +504,7 @@
(pName, "currentQueryString");
if ((queryString != null) && (!queryString.equals(""))) {
writer.write("?");
- writer.print(HttpMessages.filter(queryString));
+ writer.print(RequestUtil.filter(queryString));
}
writer.write(" ");
writer.write(filter(mBeanServer.getAttribute
@@ -559,7 +559,7 @@
(pName, "currentQueryString");
if ((queryString != null) && (!queryString.equals(""))) {
writer.write(" currentQueryString=\""
- + HttpMessages.filter(queryString) + "\"");
+ + RequestUtil.filter(queryString) + "\"");
} else {
writer.write(" currentQueryString=\"?\"");
}
diff --git a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
index 59420d6..f4319d1 100644
--- a/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
+++ b/java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
@@ -33,8 +33,8 @@
import org.apache.catalina.Container;
import org.apache.catalina.Host;
+import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.ServerInfo;
-import org.apache.tomcat.util.http.HttpMessages;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -252,7 +252,7 @@
if (message == null || message.length() == 0) {
args[1] = "OK";
} else {
- args[1] = HttpMessages.filter(message);
+ args[1] = RequestUtil.filter(message);
}
writer.print(MessageFormat.format(Constants.MESSAGE_SECTION, args));
@@ -310,7 +310,7 @@
if (host != null ) {
args = new Object[2];
- args[0] = HttpMessages.filter(hostName);
+ args[0] = RequestUtil.filter(hostName);
String[] aliases = host.findAliases();
StringBuilder buf = new StringBuilder();
if (aliases.length > 0) {
@@ -324,7 +324,7 @@
buf.append(" ");
args[1] = buf.toString();
} else {
- args[1] = HttpMessages.filter(buf.toString());
+ args[1] = RequestUtil.filter(buf.toString());
}
writer.print
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java
index 0ce971c..b522add 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -66,9 +66,9 @@
import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.connector.RequestFacade;
import org.apache.catalina.connector.ResponseFacade;
+import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.ServerInfo;
import org.apache.catalina.util.URLEncoder;
-import org.apache.tomcat.util.http.HttpMessages;
import org.apache.tomcat.util.res.StringManager;
import org.apache.tomcat.util.security.PrivilegedGetTccl;
import org.apache.tomcat.util.security.PrivilegedSetTccl;
@@ -1305,7 +1305,7 @@
.append("'");
sb.append(">");
- sb.append(HttpMessages.filter(entry));
+ sb.append(RequestUtil.filter(entry));
if (childResource.isDirectory())
sb.append("/");
sb.append("</entry>");
@@ -1467,7 +1467,7 @@
if (childResource.isDirectory())
sb.append("/");
sb.append("\"><tt>");
- sb.append(HttpMessages.filter(entry));
+ sb.append(RequestUtil.filter(entry));
if (childResource.isDirectory())
sb.append("/");
sb.append("</tt></a></td>\r\n");
diff --git a/java/org/apache/catalina/users/MemoryUser.java b/java/org/apache/catalina/users/MemoryUser.java
index 79887e1..c54e97d 100644
--- a/java/org/apache/catalina/users/MemoryUser.java
+++ b/java/org/apache/catalina/users/MemoryUser.java
@@ -25,7 +25,7 @@
import org.apache.catalina.Group;
import org.apache.catalina.Role;
import org.apache.catalina.UserDatabase;
-import org.apache.tomcat.util.http.HttpMessages;
+import org.apache.catalina.util.RequestUtil;
/**
* <p>Concrete implementation of {@link org.apache.catalina.User} for the
@@ -258,13 +258,13 @@
public String toXml() {
StringBuilder sb = new StringBuilder("<user username=\"");
- sb.append(HttpMessages.filter(username));
+ sb.append(RequestUtil.filter(username));
sb.append("\" password=\"");
- sb.append(HttpMessages.filter(password));
+ sb.append(RequestUtil.filter(password));
sb.append("\"");
if (fullName != null) {
sb.append(" fullName=\"");
- sb.append(HttpMessages.filter(fullName));
+ sb.append(RequestUtil.filter(fullName));
sb.append("\"");
}
synchronized (groups) {
@@ -277,7 +277,7 @@
sb.append(',');
}
n++;
- sb.append(HttpMessages.filter(values.next().getGroupname()));
+ sb.append(RequestUtil.filter(values.next().getGroupname()));
}
sb.append("\"");
}
@@ -292,7 +292,7 @@
sb.append(',');
}
n++;
- sb.append(HttpMessages.filter(values.next().getRolename()));
+ sb.append(RequestUtil.filter(values.next().getRolename()));
}
sb.append("\"");
}
@@ -309,11 +309,11 @@
public String toString() {
StringBuilder sb = new StringBuilder("User username=\"");
- sb.append(HttpMessages.filter(username));
+ sb.append(RequestUtil.filter(username));
sb.append("\"");
if (fullName != null) {
sb.append(", fullName=\"");
- sb.append(HttpMessages.filter(fullName));
+ sb.append(RequestUtil.filter(fullName));
sb.append("\"");
}
synchronized (groups) {
@@ -326,7 +326,7 @@
sb.append(',');
}
n++;
- sb.append(HttpMessages.filter(values.next().getGroupname()));
+ sb.append(RequestUtil.filter(values.next().getGroupname()));
}
sb.append("\"");
}
@@ -341,7 +341,7 @@
sb.append(',');
}
n++;
- sb.append(HttpMessages.filter(values.next().getRolename()));
+ sb.append(RequestUtil.filter(values.next().getRolename()));
}
sb.append("\"");
}
diff --git a/java/org/apache/catalina/util/RequestUtil.java b/java/org/apache/catalina/util/RequestUtil.java
index 6ac9803..5bda170 100644
--- a/java/org/apache/catalina/util/RequestUtil.java
+++ b/java/org/apache/catalina/util/RequestUtil.java
@@ -45,6 +45,44 @@
/**
+ * Filter the specified message string for characters that are sensitive
+ * in HTML. This avoids potential attacks caused by including JavaScript
+ * codes in the request URL that is often reported in error messages.
+ *
+ * @param message The message string to be filtered
+ */
+ public static String filter(String message) {
+
+ if (message == null)
+ return (null);
+
+ char content[] = new char[message.length()];
+ message.getChars(0, message.length(), content, 0);
+ StringBuilder result = new StringBuilder(content.length + 50);
+ for (int i = 0; i < content.length; i++) {
+ switch (content[i]) {
+ case '<':
+ result.append("<");
+ break;
+ case '>':
+ result.append(">");
+ break;
+ case '&':
+ result.append("&");
+ break;
+ case '"':
+ result.append(""");
+ break;
+ default:
+ result.append(content[i]);
+ }
+ }
+ return (result.toString());
+
+ }
+
+
+ /**
* Append request parameters from the specified String to the specified
* Map. It is presumed that the specified Map is not accessed from any
* other thread, so no synchronization is performed.
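Review bot: The escape set in the added `filter` (the `switch` on `content[i]`) covers `<`, `>`, `&` and `"` but not the apostrophe, so its output is safe only in element content and double-quoted attribute values; a caller that places it inside a single-quoted attribute would still allow markup injection. Either state that limit in the Javadoc or add `case '\'': result.append("&#39;"); break;` to the switch. The Javadoc also has no `@return` line, for example `@return the filtered string, or null if message is null`. `HttpMessages.filter` is kept by this commit (its hunks only touch the two `return` statements), so there are now two copies of the same escaping logic that can drift apart when one is hardened; a comment on each pointing at the other would help. The replacement strings show on this page as the raw characters (`append("<")`), which looks like entity decoding by the page renderer rather than the committed code, and should be confirmed against the file.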
diff --git a/java/org/apache/catalina/valves/ErrorReportValve.java b/java/org/apache/catalina/valves/ErrorReportValve.java
index 11e3f67..7b1dabd 100644
--- a/java/org/apache/catalina/valves/ErrorReportValve.java
+++ b/java/org/apache/catalina/valves/ErrorReportValve.java
@@ -26,10 +26,10 @@
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
+import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.ServerInfo;
import org.apache.coyote.ActionCode;
import org.apache.tomcat.util.ExceptionUtils;
-import org.apache.tomcat.util.http.HttpMessages;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -149,12 +149,12 @@
if (statusCode < 400 || response.getContentWritten() > 0 || !response.setErrorReported()) {
return;
}
- String message = HttpMessages.filter(response.getMessage());
+ String message = RequestUtil.filter(response.getMessage());
if (message == null) {
if (throwable != null) {
String exceptionMessage = throwable.getMessage();
if (exceptionMessage != null && exceptionMessage.length() > 0) {
- message = HttpMessages.filter((new Scanner(exceptionMessage)).nextLine());
+ message = RequestUtil.filter((new Scanner(exceptionMessage)).nextLine());
}
}
if (message == null) {
@@ -227,7 +227,7 @@
sb.append("<p><b>");
sb.append(smClient.getString("errorReportValve.exception"));
sb.append("</b></p><pre>");
- sb.append(HttpMessages.filter(stackTrace));
+ sb.append(RequestUtil.filter(stackTrace));
sb.append("</pre>");
int loops = 0;
@@ -237,7 +237,7 @@
sb.append("<p><b>");
sb.append(smClient.getString("errorReportValve.rootCause"));
sb.append("</b></p><pre>");
- sb.append(HttpMessages.filter(stackTrace));
+ sb.append(RequestUtil.filter(stackTrace));
sb.append("</pre>");
// In case root cause is somehow heavily nested
rootCause = rootCause.getCause();
diff --git a/java/org/apache/tomcat/util/http/HttpMessages.java b/java/org/apache/tomcat/util/http/HttpMessages.java
index a640b9a..25d1347 100644
--- a/java/org/apache/tomcat/util/http/HttpMessages.java
+++ b/java/org/apache/tomcat/util/http/HttpMessages.java
@@ -119,7 +119,7 @@
public static String filter(String message) {
if (message == null) {
- return null;
+ return (null);
}
char content[] = new char[message.length()];
@@ -143,7 +143,7 @@
result.append(content[i]);
}
}
- return result.toString();
+ return (result.toString());
}
/**