- Add some options for handling URL chars.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk@506200 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java b/java/org/apache/catalina/connector/CoyoteAdapter.java
index e6b35a2..7054fc6 100644 (file)
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -58,6 +58,10 @@ public class CoyoteAdapter
     public static final int ADAPTER_NOTES = 1;
 
 
+    protected static final boolean ALLOW_BACKSLASH = 
+        Boolean.valueOf(System.getProperty("org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH", "false")).booleanValue();
+
+
     // ----------------------------------------------------------- Constructors
 
 
@@ -310,8 +314,8 @@ public class CoyoteAdapter
                 req.getURLDecoder().convert(decodedURI, false);
             } catch (IOException ioe) {
                 res.setStatus(400);
-                res.setMessage("Invalid URI");
-                throw ioe;
+                res.setMessage("Invalid URI: " + ioe.getMessage());
+                return false;
             }
             // Normalization
             if (!normalize(req.decodedURI())) {
@@ -601,10 +605,16 @@ public class CoyoteAdapter
         // Replace '\' with '/'
         // Check for null byte
         for (pos = start; pos < end; pos++) {
-            if (b[pos] == (byte) '\\')
-                b[pos] = (byte) '/';
-            if (b[pos] == (byte) 0)
+            if (b[pos] == (byte) '\\') {
+                if (ALLOW_BACKSLASH) {
+                    b[pos] = (byte) '/';
+                } else {
+                    return false;
+                }
+            }
+            if (b[pos] == (byte) 0) {
                 return false;
+            }
         }
 
         // The URL must start with '/'

diff --git a/java/org/apache/tomcat/util/buf/UDecoder.java b/java/org/apache/tomcat/util/buf/UDecoder.java
index e805a70..d90a654 100644 (file)
--- a/java/org/apache/tomcat/util/buf/UDecoder.java
+++ b/java/org/apache/tomcat/util/buf/UDecoder.java
@@ -33,6 +33,9 @@ public final class UDecoder {
     private static org.apache.juli.logging.Log log=
         org.apache.juli.logging.LogFactory.getLog(UDecoder.class );
     
+    protected static final boolean ALLOW_ENCODED_SLASH = 
+        Boolean.valueOf(System.getProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "false")).booleanValue();
+
     public UDecoder() 
     {
     }
@@ -67,6 +70,8 @@ public final class UDecoder {
        if( idx2 >= 0 && idx2 < idx ) idx=idx2;
        if( idx < 0 ) idx=idx2;
 
+    boolean noSlash = !(ALLOW_ENCODED_SLASH || query);
+    
        for( int j=idx; j<end; j++, idx++ ) {
            if( buff[ j ] == '+' && query) {
                buff[idx]= (byte)' ' ;
@@ -84,6 +89,9 @@ public final class UDecoder {
                
                j+=2;
                int res=x2c( b1, b2 );
+        if (noSlash && (res == '/')) {
+            throw new CharConversionException( "noSlash");
+        }
                buff[idx]=(byte)res;
            }
        }