From: markt Date: Sun, 4 May 2008 10:41:48 +0000 (+0000) Subject: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=43080 and https://issues.apach... X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=c82f31ba8d3306c950bbdbbb41fb25007c482f1f;p=tomcat7.0 Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=43080 and https://issues.apache.org/bugzilla/show_bug.cgi?id=43079 Move warning to StandardContext so a) we can check all url-patterns and b) we associate the message with the context. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@653195 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/java/org/apache/catalina/core/StandardContext.java b/java/org/apache/catalina/core/StandardContext.java
index ef8e67fda..18f59aafa 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -5040,20 +5040,38 @@ public class StandardContext
 return (false);
 }
 if (urlPattern.startsWith("*.")) {
- if (urlPattern.indexOf('/') < 0)
+ if (urlPattern.indexOf('/') < 0) {
+ checkUnusualURLPattern(urlPattern);
 return (true);
- else
+ } else
 return (false);
 }
 if ( (urlPattern.startsWith("/")) &&
- (urlPattern.indexOf("*.") < 0))
+ (urlPattern.indexOf("*.") < 0)) {
+ checkUnusualURLPattern(urlPattern);
 return (true);
- else
+ } else
 return (false);
 }
+ /**
+ * Check for unusual but valid <url-pattern>s.
+ * See Bugzilla 34805, 43079 & 43080
+ */
+ private void checkUnusualURLPattern(String urlPattern) {
+ if (log.isInfoEnabled()) {
+ if(urlPattern.endsWith("*") && (urlPattern.length() < 2 ||
+ urlPattern.charAt(urlPattern.length()-2) != '/')) {
+ log.info("Suspicious url pattern: \"" + urlPattern + "\"" +
+ " in context [" + getName() + "] - see" +
+ " section SRV.11.2 of the Servlet specification" );
+ }
+ }
+ }
+
+
 // ------------------------------------------------------------- Operations
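Review bot: The warning in `checkUnusualURLPattern` is emitted with `log.info` behind `log.isInfoEnabled()`, so a deployment that logs at WARN and above never sees it. A pattern such as `/admin*` (constructed example) ends in `*` without a preceding `/`, which the Servlet specification matches as an exact string rather than a prefix; if that pattern sits in a `<security-constraint>` (the commit message says all url-patterns are now checked, though the callers are outside this hunk), the constraint covers fewer paths than its author probably intended. I would raise this to `if (log.isWarnEnabled()) {` with `log.warn(...)`, and have the message state that the trailing `*` is matched literally so the operator knows what to correct. `validateURLPattern` begins above the hunk, so whether every caller reaches these two branches cannot be confirmed from here.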
diff --git a/java/org/apache/catalina/deploy/SecurityCollection.java b/java/org/apache/catalina/deploy/SecurityCollection.java
index ead1a1636..47401efb8 100644
--- a/java/org/apache/catalina/deploy/SecurityCollection.java
+++ b/java/org/apache/catalina/deploy/SecurityCollection.java
@@ -21,9 +21,6 @@ package org.apache.catalina.deploy;
 import org.apache.catalina.util.RequestUtil;
-import org.apache.juli.logging.Log;
-import org.apache.juli.logging.LogFactory;
-
 import java.io.Serializable;
@@ -44,9 +41,6 @@ import java.io.Serializable;
 public class SecurityCollection implements Serializable {
- private static Log log = LogFactory.getLog(SecurityCollection.class);
-
-
 // ----------------------------------------------------------- Constructors
@@ -188,17 +182,6 @@ public class SecurityCollection implements Serializable {
 if (pattern == null)
 return;
- // Bugzilla 34805: add friendly warning.
- if(pattern.endsWith("*")) {
- if (pattern.charAt(pattern.length()-1) != '/') {
- if (log.isDebugEnabled()) {
- log.warn("Suspicious url pattern: \"" + pattern + "\"" +
- " - see http://java.sun.com/aboutJava/communityprocess/first/jsr053/servlet23_PFD.pdf" +
- " section 11.2" );
- }
- }
- }
-
 pattern = RequestUtil.URLDecode(pattern);
 String results[] = new String[patterns.length + 1];
 for (int i = 0; i < patterns.length; i++) {