Changed order of reading request properties. Previously, HTTP parameters
were set after HTTP variables/headers, which caused a security problem: HTTP variables could be overridden by parameters. (bug #77)
This commit is contained in:
parent
8ddc2b2e4f
commit
c7071ce55d
2 changed files with 102 additions and 92 deletions
|
@ -87,8 +87,43 @@ public abstract class AbstractServletClient extends HttpServlet {
|
|||
|
||||
try {
|
||||
|
||||
// read and set http parameters
|
||||
for (Enumeration e = request.getParameterNames(); e.hasMoreElements(); ) {
|
||||
String nextKey = (String)e.nextElement();
|
||||
String[] paramValues = request.getParameterValues(nextKey);
|
||||
if (paramValues != null) {
|
||||
reqtrans.set (nextKey, paramValues[0]); // set to single string value
|
||||
if (paramValues.length > 1)
|
||||
reqtrans.set (nextKey+"_array", paramValues); // set string array
|
||||
}
|
||||
}
|
||||
|
||||
// check for MIME file uploads
|
||||
String contentType = request.getContentType();
|
||||
if (contentType != null && contentType.indexOf("multipart/form-data")==0) {
|
||||
// File Upload
|
||||
Uploader up;
|
||||
try {
|
||||
if ((up = getUpload (request)) != null) {
|
||||
Hashtable upload = up.getParts ();
|
||||
for (Enumeration e = upload.keys(); e.hasMoreElements(); ) {
|
||||
String nextKey = (String) e.nextElement ();
|
||||
Object nextPart = upload.get (nextKey);
|
||||
reqtrans.set (nextKey, nextPart);
|
||||
}
|
||||
}
|
||||
} catch (Exception upx) {
|
||||
String uploadErr = upx.getMessage ();
|
||||
if (uploadErr == null || uploadErr.length () == 0)
|
||||
uploadErr = upx.toString ();
|
||||
reqtrans.set ("uploadError", uploadErr);
|
||||
}
|
||||
}
|
||||
|
||||
// read cookies
|
||||
if (cookies != null) {
|
||||
for (int i=0; i < cookies.length;i++) try { // get Cookies
|
||||
for (int i=0; i < cookies.length;i++) try {
|
||||
// get Cookies
|
||||
String nextKey = cookies[i].getName ();
|
||||
String nextPart = cookies[i].getValue ();
|
||||
if ("HopSession".equals (nextKey))
|
||||
|
@ -109,6 +144,7 @@ public abstract class AbstractServletClient extends HttpServlet {
|
|||
response.addCookie(c);
|
||||
}
|
||||
|
||||
// do standard HTTP variables
|
||||
String host = request.getHeader ("Host");
|
||||
if (host != null) {
|
||||
host = host.toLowerCase();
|
||||
|
@ -131,38 +167,6 @@ public abstract class AbstractServletClient extends HttpServlet {
|
|||
if ( authorization != null )
|
||||
reqtrans.set ("authorization", authorization );
|
||||
|
||||
for (Enumeration e = request.getParameterNames(); e.hasMoreElements(); ) {
|
||||
// Params parsen
|
||||
String nextKey = (String)e.nextElement();
|
||||
String[] paramValues = request.getParameterValues(nextKey);
|
||||
if (paramValues != null) {
|
||||
reqtrans.set (nextKey, paramValues[0]); // set to single string value
|
||||
if (paramValues.length > 1)
|
||||
reqtrans.set (nextKey+"_array", paramValues); // set string array
|
||||
}
|
||||
}
|
||||
|
||||
String contentType = request.getContentType();
|
||||
if (contentType != null && contentType.indexOf("multipart/form-data")==0) {
|
||||
// File Upload
|
||||
Uploader up;
|
||||
try {
|
||||
if ((up = getUpload (request)) != null) {
|
||||
Hashtable upload = up.getParts ();
|
||||
for (Enumeration e = upload.keys(); e.hasMoreElements(); ) {
|
||||
String nextKey = (String) e.nextElement ();
|
||||
Object nextPart = upload.get (nextKey);
|
||||
reqtrans.set (nextKey, nextPart);
|
||||
}
|
||||
}
|
||||
} catch (Exception upx) {
|
||||
String uploadErr = upx.getMessage ();
|
||||
if (uploadErr == null || uploadErr.length () == 0)
|
||||
uploadErr = upx.toString ();
|
||||
reqtrans.set ("uploadError", uploadErr);
|
||||
}
|
||||
}
|
||||
|
||||
// get RMI ref to application and execute request
|
||||
IRemoteApp app = getApp (appID);
|
||||
ResponseTrans restrans = null;
|
||||
|
|
|
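Review bot: The fix for bug #77 rests entirely on write order into the single reqtrans key space — parameters, upload parts and cookies are now written before the standard HTTP variables in the `@ -109,6 +144,7` hunk — and nothing in the code records that invariant, so a later edit that appends a client-controlled `reqtrans.set` after the host/authorization block would silently reintroduce the override. Suggest pinning it at the top of the moved parameter loop: `// Order matters: client-supplied values (parameters, upload parts, cookies) are set first so the standard HTTP variables set below always win; do not add client-controlled writes after them.` Note also that upload parts and cookies still overwrite same-named form parameters because every source shares one namespace; if that precedence is not intended, a distinct key prefix for cookie values would make it explicit (the HopSession branch that follows the cookie loop continues outside the hunk, so I cannot tell what it does with the remaining cookies). The same applies to the AcmeServletClient section below. The enclosing request-handling method starts before the first hunk.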
@ -56,16 +56,53 @@ public class AcmeServletClient extends HttpServlet {
|
|||
try {
|
||||
RequestTrans reqtrans = new RequestTrans (method);
|
||||
|
||||
// read and set http parameters
|
||||
for (Enumeration e = request.getParameterNames(); e.hasMoreElements(); ) {
|
||||
// Params parsen
|
||||
String nextKey = (String)e.nextElement();
|
||||
String[] paramValues = request.getParameterValues(nextKey);
|
||||
if (paramValues != null) {
|
||||
reqtrans.set (nextKey, paramValues[0]); // set to single string value
|
||||
if (paramValues.length > 1)
|
||||
reqtrans.set (nextKey+"_array", paramValues); // set string array
|
||||
}
|
||||
}
|
||||
|
||||
// check for MIME file uploads
|
||||
String contentType = request.getContentType();
|
||||
if (contentType != null && contentType.indexOf("multipart/form-data")==0) {
|
||||
// File Upload
|
||||
Uploader up;
|
||||
try {
|
||||
if ((up = getUpload (uploadLimit, request)) != null) {
|
||||
Hashtable upload = up.getParts ();
|
||||
for (Enumeration e = upload.keys(); e.hasMoreElements(); ) {
|
||||
String nextKey = (String) e.nextElement ();
|
||||
Object nextPart = upload.get (nextKey);
|
||||
reqtrans.set (nextKey, nextPart);
|
||||
}
|
||||
}
|
||||
} catch (Exception upx) {
|
||||
String uploadErr = upx.getMessage ();
|
||||
if (uploadErr == null || uploadErr.length () == 0)
|
||||
uploadErr = upx.toString ();
|
||||
reqtrans.set ("uploadError", uploadErr);
|
||||
}
|
||||
}
|
||||
|
||||
// HACK - sessions not fully supported in Acme.Serve
|
||||
// Thats ok, we dont need the session object, just the id.
|
||||
reqtrans.session = request.getRequestedSessionId();
|
||||
|
||||
// get Cookies
|
||||
if (cookies != null) {
|
||||
for (int i=0; i < cookies.length;i++) try { // get Cookies
|
||||
for (int i=0; i < cookies.length;i++) try {
|
||||
String nextKey = cookies[i].getName ();
|
||||
String nextPart = cookies[i].getValue ();
|
||||
reqtrans.set (nextKey, nextPart);
|
||||
} catch (Exception badCookie) {}
|
||||
}
|
||||
|
||||
// get optional path info
|
||||
String pathInfo = request.getServletPath ();
|
||||
if (pathInfo != null) {
|
||||
|
@ -75,6 +112,7 @@ public class AcmeServletClient extends HttpServlet {
|
|||
} else
|
||||
reqtrans.path = "";
|
||||
|
||||
// do standard HTTP variables
|
||||
String host = request.getHeader ("Host");
|
||||
if (host != null) {
|
||||
host = host.toLowerCase();
|
||||
|
@ -97,38 +135,6 @@ public class AcmeServletClient extends HttpServlet {
|
|||
if ( authorization != null )
|
||||
reqtrans.set ("authorization", authorization );
|
||||
|
||||
for (Enumeration e = request.getParameterNames(); e.hasMoreElements(); ) {
|
||||
// Params parsen
|
||||
String nextKey = (String)e.nextElement();
|
||||
String[] paramValues = request.getParameterValues(nextKey);
|
||||
if (paramValues != null) {
|
||||
reqtrans.set (nextKey, paramValues[0]); // set to single string value
|
||||
if (paramValues.length > 1)
|
||||
reqtrans.set (nextKey+"_array", paramValues); // set string array
|
||||
}
|
||||
}
|
||||
|
||||
String contentType = request.getContentType();
|
||||
if (contentType != null && contentType.indexOf("multipart/form-data")==0) {
|
||||
// File Upload
|
||||
Uploader up;
|
||||
try {
|
||||
if ((up = getUpload (uploadLimit, request)) != null) {
|
||||
Hashtable upload = up.getParts ();
|
||||
for (Enumeration e = upload.keys(); e.hasMoreElements(); ) {
|
||||
String nextKey = (String) e.nextElement ();
|
||||
Object nextPart = upload.get (nextKey);
|
||||
reqtrans.set (nextKey, nextPart);
|
||||
}
|
||||
}
|
||||
} catch (Exception upx) {
|
||||
String uploadErr = upx.getMessage ();
|
||||
if (uploadErr == null || uploadErr.length () == 0)
|
||||
uploadErr = upx.toString ();
|
||||
reqtrans.set ("uploadError", uploadErr);
|
||||
}
|
||||
}
|
||||
|
||||
ResponseTrans restrans = null;
|
||||
restrans = app.execute (reqtrans);
|
||||
writeResponse (response, restrans, cookies, protocol);
|
||||
|
|
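Review bot: The moved parameter loop keeps the German `// Params parsen` comment directly under the new `// read and set http parameters`, while the same loop in AbstractServletClient dropped it, so the two copies of this block now differ in nothing but a stale comment; delete it or mirror the other file. Further down, `} catch (Exception badCookie) {}` discards any cookie-handling failure without a trace; at minimum rename the variable to `ignored` with a one-line why-comment, or surface the failure the way the upload path already does for its errors. The write-order invariant (client-supplied values before the standard HTTP variables in the `@ -75,6 +112,7` hunk) deserves the same comment here as suggested for AbstractServletClient. The enclosing method starts before the first hunk.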