View | Details | Raw Unified | Return to bug 56618
Collapse All | Expand All

(-)common/jk_status.c (-1 / +169 lines)
Lines 36-41 Link Here
36
#include "jk_connect.h"
36
#include "jk_connect.h"
37
#include "jk_uri_worker_map.h"
37
#include "jk_uri_worker_map.h"
38
38
39
#include "apr.h"
40
39
#define HUGE_BUFFER_SIZE (8*1024)
41
#define HUGE_BUFFER_SIZE (8*1024)
40
42
41
/**
43
/**
Lines 1200-1205 Link Here
1200
        jk_putv(s, "\">", text, "</a>", NULL);
1202
        jk_putv(s, "\">", text, "</a>", NULL);
1201
}
1203
}
1202
1204
1205
/*
1206
   Only include the function definitions for x2c and jk_unescape_url
1207
   if using APR < 1.5. Otherwise, just pass-through jk_unescape_url
1208
   to apr_unescape_url.
1209
*/
1210
#ifndef APR_ESCAPE_STRING
1211
static char x2c(const char *what)
1212
{
1213
    register char digit;
1214
1215
#if !APR_CHARSET_EBCDIC
1216
    digit =
1217
            ((what[0] >= 'A') ? ((what[0] & 0xdf) - 'A') + 10 : (what[0] - '0'));
1218
    digit *= 16;
1219
    digit += (what[1] >= 'A' ? ((what[1] & 0xdf) - 'A') + 10 : (what[1] - '0'));
1220
#else /*APR_CHARSET_EBCDIC*/
1221
    char xstr[5];
1222
    xstr[0]='0';
1223
    xstr[1]='x';
1224
    xstr[2]=what[0];
1225
    xstr[3]=what[1];
1226
    xstr[4]='\0';
1227
    digit = convert_a2e[0xFF & strtol(xstr, NULL, 16)];
1228
#endif /*APR_CHARSET_EBCDIC*/
1229
    return (digit);
1230
}
1231
1232
static int jk_unescape_url(char *const escaped,
1233
                           const char *const url,
1234
                           size_t slen,
1235
                           const char *const forbid,
1236
                           const char *const reserved,
1237
                           const int plus,
1238
                           size_t *len)
1239
{
1240
    apr_size_t size = 1;
1241
    int found = 0;
1242
    const char *s = (const char *) url;
1243
    char *d = (char *) escaped;
1244
    register int badesc, badpath;
1245
1246
    if (!url) {
1247
        return APR_NOTFOUND;
1248
    }
1249
1250
    badesc = 0;
1251
    badpath = 0;
1252
    if (s) {
1253
        if (d) {
1254
            for (; *s && slen; ++s, d++, slen--) {
1255
                if (plus && *s == '+') {
1256
                    *d = ' ';
1257
                    found = 1;
1258
                }
1259
                else if (*s != '%') {
1260
                    *d = *s;
1261
                }
1262
                else {
1263
                    if (!apr_isxdigit(*(s + 1)) || !apr_isxdigit(*(s + 2))) {
1264
                        badesc = 1;
1265
                        *d = '%';
1266
                    }
1267
                    else {
1268
                        char decoded;
1269
                        decoded = x2c(s + 1);
1270
                        if ((decoded == '\0')
1271
                                || (forbid && strchr(forbid, decoded))) {
1272
                            badpath = 1;
1273
                            *d = decoded;
1274
                            s += 2;
1275
                            slen -= 2;
1276
                        }
1277
                        else if (reserved && strchr(reserved, decoded)) {
1278
                            *d++ = *s++;
1279
                            *d++ = *s++;
1280
                            *d = *s;
1281
                            size += 2;
1282
                        }
1283
                        else {
1284
                            *d = decoded;
1285
                            s += 2;
1286
                            slen -= 2;
1287
                            found = 1;
1288
                        }
1289
                    }
1290
                }
1291
                size++;
1292
            }
1293
            *d = '\0';
1294
        }
1295
        else {
1296
            for (; *s && slen; ++s, slen--) {
1297
                if (plus && *s == '+') {
1298
                    found = 1;
1299
                }
1300
                else if (*s != '%') {
1301
                    /* character unchanged */
1302
                }
1303
                else {
1304
                    if (!apr_isxdigit(*(s + 1)) || !apr_isxdigit(*(s + 2))) {
1305
                        badesc = 1;
1306
                    }
1307
                    else {
1308
                        char decoded;
1309
                        decoded = x2c(s + 1);
1310
                        if ((decoded == '\0')
1311
                                || (forbid && strchr(forbid, decoded))) {
1312
                            badpath = 1;
1313
                            s += 2;
1314
                            slen -= 2;
1315
                        }
1316
                        else if (reserved && strchr(reserved, decoded)) {
1317
                            s += 2;
1318
                            slen -= 2;
1319
                            size += 2;
1320
                        }
1321
                        else {
1322
                            s += 2;
1323
                            slen -= 2;
1324
                            found = 1;
1325
                        }
1326
                    }
1327
                }
1328
                size++;
1329
            }
1330
        }
1331
    }
1332
1333
    if (len) {
1334
        *len = size;
1335
    }
1336
    if (badesc) {
1337
        return APR_EINVAL;
1338
    }
1339
    else if (badpath) {
1340
        return APR_BADCH;
1341
    }
1342
    else if (!found) {
1343
        return APR_NOTFOUND;
1344
    }
1345
1346
    return APR_SUCCESS;
1347
}
1348
#else
1349
static int jk_unescape_url(char *const escaped,
1350
                           const char *const url,
1351
                           size_t slen,
1352
                           const char *const forbid,
1353
                           const char *const reserved,
1354
                           const int plus,
1355
                           size_t *len)
1356
{
1357
    return apr_unescape_url(escaped, url, slen, forbid, reserved, plus, len);
1358
}
1359
#endif
1360
1203
static int status_parse_uri(jk_ws_service_t *s,
1361
static int status_parse_uri(jk_ws_service_t *s,
1204
                            status_endpoint_t *p,
1362
                            status_endpoint_t *p,
1205
                            jk_logger_t *l)
1363
                            jk_logger_t *l)
Lines 1263-1268 Link Here
1263
#endif
1421
#endif
1264
        char *key = jk_pool_strdup(s->pool, param);
1422
        char *key = jk_pool_strdup(s->pool, param);
1265
        char *value;
1423
        char *value;
1424
        char decoded[JK_SHM_STR_SIZ]; /* stores url-decoded parameter value */
1425
        size_t encoded_len;
1426
        size_t decoded_len;
1427
1266
        if (!key) {
1428
        if (!key) {
1267
            jk_log(l, JK_LOG_ERROR,
1429
            jk_log(l, JK_LOG_ERROR,
1268
                   "Status worker '%s' could not copy string",
1430
                   "Status worker '%s' could not copy string",
Lines 1274-1280 Link Here
1274
        if (value) {
1436
        if (value) {
1275
            *value = '\0';
1437
            *value = '\0';
1276
            value++;
1438
            value++;
1277
            /* XXX Depending on the params values, we might need to trim and decode */
1439
1440
            /* url-decode the parameter value */
1441
            encoded_len = strlen(value);
1442
            if(APR_SUCCESS == jk_unescape_url(decoded, value, encoded_len, NULL, NULL, 1, &decoded_len)
1443
               && decoded_len <= encoded_len)
1444
                strcpy(value, decoded);
1445
1278
            if (strlen(key)) {
1446
            if (strlen(key)) {
1279
                if (JK_IS_DEBUG_LEVEL(l))
1447
                if (JK_IS_DEBUG_LEVEL(l))
1280
                    jk_log(l, JK_LOG_DEBUG,
1448
                    jk_log(l, JK_LOG_DEBUG,

Return to bug 56618