--- /dev/null
+Index: container/catalina/src/share/org/apache/naming/resources/FileDirContext.java
+===================================================================
+--- container/catalina/src/share/org/apache/naming/resources/FileDirContext.java (wersja 782756)
++++ container/catalina/src/share/org/apache/naming/resources/FileDirContext.java (wersja 782757)
+@@ -37,6 +37,7 @@
+ import javax.naming.directory.ModificationItem;
+ import javax.naming.directory.SearchControls;
+
++import org.apache.catalina.util.RequestUtil;
+ import org.apache.naming.NamingContextBindingsEnumeration;
+ import org.apache.naming.NamingContextEnumeration;
+ import org.apache.naming.NamingEntry;
+@@ -773,50 +774,10 @@
+ */
+ protected String normalize(String path) {
+
+- String normalized = path;
++ return RequestUtil.normalize(path, File.separatorChar == '\\');
+
+- // Normalize the slashes and add leading slash if necessary
+- if (File.separatorChar == '\\' && normalized.indexOf('\\') >= 0)
+- normalized = normalized.replace('\\', '/');
+- if (!normalized.startsWith("/"))
+- normalized = "/" + normalized;
+-
+- // Resolve occurrences of "//" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("//");
+- if (index < 0)
+- break;
+- normalized = normalized.substring(0, index) +
+- normalized.substring(index + 1);
+ }
+
+- // Resolve occurrences of "/./" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("/./");
+- if (index < 0)
+- break;
+- normalized = normalized.substring(0, index) +
+- normalized.substring(index + 2);
+- }
+-
+- // Resolve occurrences of "/../" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("/../");
+- if (index < 0)
+- break;
+- if (index == 0)
+- return (null); // Trying to go outside our context
+- int index2 = normalized.lastIndexOf('/', index - 1);
+- normalized = normalized.substring(0, index2) +
+- normalized.substring(index + 3);
+- }
+-
+- // Return the normalized path that we have completed
+- return (normalized);
+-
+- }
+-
+-
+ /**
+ * Return a File object representing the specified normalized
+ * context-relative path if it exists and is readable. Otherwise,
+Index: container/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java
+===================================================================
+--- container/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java (wersja 782756)
++++ container/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java (wersja 782757)
+@@ -318,10 +318,9 @@
+ int pos = requestPath.lastIndexOf('/');
+ String relative = null;
+ if (pos >= 0) {
+- relative = RequestUtil.normalize
+- (requestPath.substring(0, pos + 1) + path);
++ relative = requestPath.substring(0, pos + 1) + path;
+ } else {
+- relative = RequestUtil.normalize(requestPath + path);
++ relative = requestPath + path;
+ }
+
+ return (context.getServletContext().getRequestDispatcher(relative));
+Index: container/catalina/src/share/org/apache/catalina/core/ApplicationContext.java
+===================================================================
+--- container/catalina/src/share/org/apache/catalina/core/ApplicationContext.java (wersja 782756)
++++ container/catalina/src/share/org/apache/catalina/core/ApplicationContext.java (wersja 782757)
+@@ -43,6 +43,7 @@
+ import org.apache.catalina.Wrapper;
+ import org.apache.catalina.deploy.ApplicationParameter;
+ import org.apache.catalina.util.Enumerator;
++import org.apache.catalina.util.RequestUtil;
+ import org.apache.catalina.util.ResourceSet;
+ import org.apache.catalina.util.ServerInfo;
+ import org.apache.catalina.util.StringManager;
+@@ -388,7 +389,7 @@
+ path = path.substring(0, pos);
+ }
+
+- path = normalize(path);
++ path = RequestUtil.normalize(path);
+ if (path == null)
+ return (null);
+
+@@ -475,7 +476,7 @@
+ throw new MalformedURLException(sm.getString("applicationContext.requestDispatcher.iae", path));
+ }
+
+- path = normalize(path);
++ path = RequestUtil.normalize(path);
+ if (path == null)
+ return (null);
+
+@@ -524,10 +525,13 @@
+ */
+ public InputStream getResourceAsStream(String path) {
+
+- path = normalize(path);
+ if (path == null || !path.startsWith("/"))
+ return (null);
+
++ path = RequestUtil.normalize(path);
++ if (path == null)
++ return null;
++
+ DirContext resources = context.getResources();
+ if (resources != null) {
+ try {
+@@ -560,7 +564,7 @@
+ (sm.getString("applicationContext.resourcePaths.iae", path));
+ }
+
+- path = normalize(path);
++ path = RequestUtil.normalize(path);
+ if (path == null)
+ return (null);
+
+@@ -870,45 +874,6 @@
+
+
+ /**
+- * Return a context-relative path, beginning with a "/", that represents
+- * the canonical version of the specified path after ".." and "." elements
+- * are resolved out. If the specified path attempts to go outside the
+- * boundaries of the current context (i.e. too many ".." path elements
+- * are present), return <code>null</code> instead.
+- *
+- * @param path Path to be normalized
+- */
+- private String normalize(String path) {
+-
+- if (path == null) {
+- return null;
+- }
+-
+- String normalized = path;
+-
+- // Normalize the slashes
+- if (normalized.indexOf('\\') >= 0)
+- normalized = normalized.replace('\\', '/');
+-
+- // Resolve occurrences of "/../" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("/../");
+- if (index < 0)
+- break;
+- if (index == 0)
+- return (null); // Trying to go outside our context
+- int index2 = normalized.lastIndexOf('/', index - 1);
+- normalized = normalized.substring(0, index2) +
+- normalized.substring(index + 3);
+- }
+-
+- // Return the normalized path that we have completed
+- return (normalized);
+-
+- }
+-
+-
+- /**
+ * Merge the context initialization parameters specified in the application
+ * deployment descriptor with the application parameters described in the
+ * server configuration, respecting the <code>override</code> property of
+Index: container/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java
+===================================================================
+--- container/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java (wersja 782756)
++++ container/catalina/src/share/org/apache/catalina/servlets/WebdavServlet.java (wersja 782757)
+@@ -1369,76 +1369,6 @@
+ resp.setStatus(WebdavStatus.SC_NO_CONTENT);
+ }
+
+- /**
+- * Return a context-relative path, beginning with a "/", that represents
+- * the canonical version of the specified path after ".." and "." elements
+- * are resolved out. If the specified path attempts to go outside the
+- * boundaries of the current context (i.e. too many ".." path elements
+- * are present), return <code>null</code> instead.
+- *
+- * @param path Path to be normalized
+- */
+- protected String normalize(String path) {
+- if (path == null) {
+- return null;
+- }
+-
+- // Create a place for the normalized path
+- String normalized = path;
+-
+- if (normalized.equals("/.")) {
+- return "/";
+- }
+-
+- // Normalize the slashes and add leading slash if necessary
+- if (normalized.indexOf('\\') >= 0) {
+- normalized = normalized.replace('\\', '/');
+- }
+-
+- if (!normalized.startsWith("/")) {
+- normalized = "/" + normalized;
+- }
+-
+- // Resolve occurrences of "//" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("//");
+- if (index < 0) {
+- break;
+- }
+- normalized = normalized.substring(0, index) +
+- normalized.substring(index + 1);
+- }
+-
+- // Resolve occurrences of "/./" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("/./");
+- if (index < 0) {
+- break;
+- }
+- normalized = normalized.substring(0, index) +
+- normalized.substring(index + 2);
+- }
+-
+- // Resolve occurrences of "/../" in the normalized path
+- while (true) {
+- int index = normalized.indexOf("/../");
+- if (index < 0) {
+- break;
+- }
+- if (index == 0) {
+- return (null); // Trying to go outside our context
+- }
+-
+- int index2 = normalized.lastIndexOf('/', index - 1);
+- normalized = normalized.substring(0, index2) +
+- normalized.substring(index + 3);
+- }
+-
+- // Return the normalized path that we have completed
+- return (normalized);
+- }
+-
+-
+ // -------------------------------------------------------- Private Methods
+
+ /**
+@@ -1589,7 +1519,7 @@
+ }
+
+ // Normalise destination path (remove '.' and '..')
+- destinationPath = normalize(destinationPath);
++ destinationPath = RequestUtil.normalize(destinationPath);
+
+ String contextPath = req.getContextPath();
+ if ((contextPath != null) &&
+@@ -2347,7 +2277,8 @@
+ if (!toAppend.startsWith("/"))
+ toAppend = "/" + toAppend;
+
+- generatedXML.writeText(rewriteUrl(normalize(absoluteUri + toAppend)));
++ generatedXML.writeText(rewriteUrl(RequestUtil.normalize(
++ absoluteUri + toAppend)));
+
+ generatedXML.writeElement(null, "href", XMLWriter.CLOSING);
+
+Index: container/catalina/src/share/org/apache/catalina/connector/Request.java
+===================================================================
+--- container/catalina/src/share/org/apache/catalina/connector/Request.java (wersja 782756)
++++ container/catalina/src/share/org/apache/catalina/connector/Request.java (wersja 782757)
+@@ -1243,10 +1243,9 @@
+ int pos = requestPath.lastIndexOf('/');
+ String relative = null;
+ if (pos >= 0) {
+- relative = RequestUtil.normalize
+- (requestPath.substring(0, pos + 1) + path);
++ relative = requestPath.substring(0, pos + 1) + path;
+ } else {
+- relative = RequestUtil.normalize(requestPath + path);
++ relative = requestPath + path;
+ }
+
+ return (context.getServletContext().getRequestDispatcher(relative));
+Index: container/catalina/src/share/org/apache/catalina/ssi/SSIServletRequestUtil.java
+===================================================================
+--- container/catalina/src/share/org/apache/catalina/ssi/SSIServletRequestUtil.java (wersja 782756)
++++ container/catalina/src/share/org/apache/catalina/ssi/SSIServletRequestUtil.java (wersja 782757)
+@@ -48,7 +48,7 @@
+ if ((result == null) || (result.equals(""))) {
+ result = "/";
+ }
+- return normalize(result);
++ return RequestUtil.normalize(result);
+ }
+
+
+@@ -64,15 +64,9 @@
+ *
+ * @param path
+ * Path to be normalized
++ * @deprecated
+ */
+ public static String normalize(String path) {
+- if (path == null) return null;
+- String normalized = path;
+- //Why doesn't RequestUtil do this??
+- // Normalize the slashes and add leading slash if necessary
+- if (normalized.indexOf('\\') >= 0)
+- normalized = normalized.replace('\\', '/');
+- normalized = RequestUtil.normalize(path);
+- return normalized;
++ return RequestUtil.normalize(path);
+ }
+ }
+\ No newline at end of file
+Index: container/catalina/src/share/org/apache/catalina/ssi/SSIServletExternalResolver.java
+===================================================================
+--- container/catalina/src/share/org/apache/catalina/ssi/SSIServletExternalResolver.java (wersja 782756)
++++ container/catalina/src/share/org/apache/catalina/ssi/SSIServletExternalResolver.java (wersja 782757)
+@@ -32,6 +32,7 @@
+ import javax.servlet.http.HttpServletRequest;
+ import javax.servlet.http.HttpServletResponse;
+ import org.apache.catalina.connector.Request;
++import org.apache.catalina.util.RequestUtil;
+ import org.apache.coyote.Constants;
+
+ /**
+@@ -373,7 +374,7 @@
+ + pathWithoutContext);
+ }
+ String fullPath = prefix + path;
+- String retVal = SSIServletRequestUtil.normalize(fullPath);
++ String retVal = RequestUtil.normalize(fullPath);
+ if (retVal == null) {
+ throw new IOException("Normalization yielded null on path: "
+ + fullPath);
+@@ -406,7 +407,7 @@
+ return new ServletContextAndPath(context,
+ getAbsolutePath(virtualPath));
+ } else {
+- String normalized = SSIServletRequestUtil.normalize(virtualPath);
++ String normalized = RequestUtil.normalize(virtualPath);
+ if (isVirtualWebappRelative) {
+ return new ServletContextAndPath(context, normalized);
+ } else {
+Index: container/catalina/src/share/org/apache/catalina/util/RequestUtil.java
+===================================================================
+--- container/catalina/src/share/org/apache/catalina/util/RequestUtil.java (wersja 782756)
++++ container/catalina/src/share/org/apache/catalina/util/RequestUtil.java (wersja 782757)
+@@ -147,13 +147,29 @@
+ * @param path Relative path to be normalized
+ */
+ public static String normalize(String path) {
++ return normalize(path, true);
++ }
+
++ /**
++ * Normalize a relative URI path that may have relative values ("/./",
++ * "/../", and so on ) it it. <strong>WARNING</strong> - This method is
++ * useful only for normalizing application-generated paths. It does not
++ * try to perform security checks for malicious input.
++ *
++ * @param path Relative path to be normalized
++ * @param replaceBackSlash Should '\\' be replaced with '/'
++ */
++ public static String normalize(String path, boolean replaceBackSlash) {
++
+ if (path == null)
+ return null;
+
+ // Create a place for the normalized path
+ String normalized = path;
+
++ if (replaceBackSlash && normalized.indexOf('\\') >= 0)
++ normalized = normalized.replace('\\', '/');
++
+ if (normalized.equals("/."))
+ return "/";
+
--- /dev/null
+Index: container/catalina/src/share/org/apache/catalina/core/StandardContext.java
+===================================================================
+--- container/catalina/src/share/org/apache/catalina/core/StandardContext.java (wersja 781541)
++++ container/catalina/src/share/org/apache/catalina/core/StandardContext.java (wersja 781542)
+@@ -4140,10 +4140,6 @@
+ ((Lifecycle) pipeline).start();
+ }
+
+- if(getProcessTlds()) {
+- processTlds();
+- }
+-
+ // Notify our interested LifecycleListeners
+ lifecycle.fireLifecycleEvent(START_EVENT, null);
+
+@@ -4278,40 +4274,6 @@
+ }
+
+ /**
+- * Processes TLDs.
+- *
+- * @throws LifecycleException If an error occurs
+- */
+- protected void processTlds() throws LifecycleException {
+- TldConfig tldConfig = new TldConfig();
+- tldConfig.setContext(this);
+-
+- // (1) check if the attribute has been defined
+- // on the context element.
+- tldConfig.setTldValidation(tldValidation);
+- tldConfig.setTldNamespaceAware(tldNamespaceAware);
+-
+- // (2) if the attribute wasn't defined on the context
+- // try the host.
+- if (!tldValidation) {
+- tldConfig.setTldValidation
+- (((StandardHost) getParent()).getXmlValidation());
+- }
+-
+- if (!tldNamespaceAware) {
+- tldConfig.setTldNamespaceAware
+- (((StandardHost) getParent()).getXmlNamespaceAware());
+- }
+-
+- try {
+- tldConfig.execute();
+- } catch (Exception ex) {
+- log.error("Error reading tld listeners "
+- + ex.toString(), ex);
+- }
+- }
+-
+- /**
+ * Stop this Context component.
+ *
+ * @exception LifecycleException if a shutdown error occurs
+@@ -5083,6 +5045,10 @@
+ return;
+ }
+ }
++ if (processTlds) {
++ this.addLifecycleListener(new TldConfig());
++ }
++
+ super.init();
+
+ // Notify our interested LifecycleListeners
+Index: container/catalina/src/share/org/apache/catalina/startup/TldConfig.java
+===================================================================
+--- container/catalina/src/share/org/apache/catalina/startup/TldConfig.java (wersja 781541)
++++ container/catalina/src/share/org/apache/catalina/startup/TldConfig.java (wersja 781542)
+@@ -49,20 +49,24 @@
+
+ import org.apache.catalina.Context;
+ import org.apache.catalina.Globals;
++import org.apache.catalina.Lifecycle;
++import org.apache.catalina.LifecycleEvent;
++import org.apache.catalina.LifecycleListener;
+ import org.apache.catalina.core.StandardContext;
++import org.apache.catalina.core.StandardHost;
+ import org.apache.catalina.util.StringManager;
+ import org.apache.tomcat.util.digester.Digester;
+ import org.xml.sax.InputSource;
+
+ /**
+- * Startup event listener for a <b>Context</b> that configures the properties
+- * of that Context, and the associated defined servlets.
++ * Startup event listener for a <b>Context</b> that configures application
++ * listeners configured in any TLD files.
+ *
+ * @author Craig R. McClanahan
+ * @author Jean-Francois Arcand
+ * @author Costin Manolache
+ */
+-public final class TldConfig {
++public final class TldConfig implements LifecycleListener {
+
+ // Names of JARs that are known not to contain any TLDs
+ private static HashSet noTldJars;
+@@ -399,20 +403,6 @@
+ }
+
+ /**
+- * Create (if necessary) and return a Digester configured to process a tag
+- * library descriptor, looking for additional listener classes to be
+- * registered.
+- */
+- private static Digester createTldDigester() {
+-
+- return DigesterFactory.newDigester(tldValidation,
+- tldNamespaceAware,
+- new TldRuleSet());
+-
+- }
+-
+-
+- /**
+ * Scan the JAR file at the specified resource path for TLDs in the
+ * <code>META-INF</code> subdirectory, and scan each TLD for application
+ * event listeners that need to be registered.
+@@ -504,10 +494,6 @@
+ private void tldScanStream(InputSource resourceStream)
+ throws Exception {
+
+- if (tldDigester == null){
+- tldDigester = createTldDigester();
+- }
+-
+ synchronized (tldDigester) {
+ try {
+ tldDigester.push(this);
+@@ -726,4 +712,51 @@
+
+ return jarPathMap;
+ }
++
++ public void lifecycleEvent(LifecycleEvent event) {
++ // Identify the context we are associated with
++ try {
++ context = (Context) event.getLifecycle();
++ } catch (ClassCastException e) {
++ log.error(sm.getString("tldConfig.cce", event.getLifecycle()), e);
++ return;
++ }
++
++ if (event.getType().equals(Lifecycle.INIT_EVENT)) {
++ init();
++ } else if (event.getType().equals(Lifecycle.START_EVENT)) {
++ try {
++ execute();
++ } catch (Exception e) {
++ log.error(sm.getString(
++ "tldConfig.execute", context.getPath()), e);
++ }
++ } // Ignore the other event types - nothing to do
++ }
++
++ private void init() {
++ if (tldDigester == null){
++ // (1) check if the attribute has been defined
++ // on the context element.
++ setTldValidation(context.getTldValidation());
++ setTldNamespaceAware(context.getTldNamespaceAware());
++
++ // (2) if the attribute wasn't defined on the context
++ // try the host.
++ if (!tldValidation) {
++ setTldValidation(
++ ((StandardHost) context.getParent()).getXmlValidation());
++ }
++
++ if (!tldNamespaceAware) {
++ setTldNamespaceAware(
++ ((StandardHost) context.getParent()).getXmlNamespaceAware());
++ }
++
++ tldDigester = DigesterFactory.newDigester(tldValidation,
++ tldNamespaceAware,
++ new TldRuleSet());
++ tldDigester.getParser();
++ }
++ }
+ }
+Index: container/catalina/src/share/org/apache/catalina/startup/LocalStrings.properties
+===================================================================
+--- container/catalina/src/share/org/apache/catalina/startup/LocalStrings.properties (wersja 781541)
++++ container/catalina/src/share/org/apache/catalina/startup/LocalStrings.properties (wersja 781542)
+@@ -87,6 +87,8 @@
+ hostConfig.undeploy=Undeploying context [{0}]
+ hostConfig.undeploy.error=Error undeploying web application at context path {0}
+ hostConfig.undeploying=Undeploying deployed web applications
++tldConfig.cce=Lifecycle event data object {0} is not a Context
++tldConfig.execute=Error processing TLD files for context path {0}
+ userConfig.database=Exception loading user database
+ userConfig.deploy=Deploying web application for user {0}
+ userConfig.deploying=Deploying user web applications
projects / packages / tomcat.git / commitdiff