View | Details | Raw Unified | Return to bug 62273
Collapse All | Expand All

(-)java/org/apache/tomcat/util/http/parser/HttpParser.java (-4 / +34 lines)
Lines 38-48 Link Here
38
38
39
    private static final int ARRAY_SIZE = 128;
39
    private static final int ARRAY_SIZE = 128;
40
40
41
    private static final boolean USE_URL_LIVING_STANDARD = false; // TODO: use a system property
42
41
    private static final boolean[] IS_CONTROL = new boolean[ARRAY_SIZE];
43
    private static final boolean[] IS_CONTROL = new boolean[ARRAY_SIZE];
42
    private static final boolean[] IS_SEPARATOR = new boolean[ARRAY_SIZE];
44
    private static final boolean[] IS_SEPARATOR = new boolean[ARRAY_SIZE];
43
    private static final boolean[] IS_TOKEN = new boolean[ARRAY_SIZE];
45
    private static final boolean[] IS_TOKEN = new boolean[ARRAY_SIZE];
44
    private static final boolean[] IS_HEX = new boolean[ARRAY_SIZE];
46
    private static final boolean[] IS_HEX = new boolean[ARRAY_SIZE];
45
    private static final boolean[] IS_NOT_REQUEST_TARGET = new boolean[ARRAY_SIZE];
47
    private static final boolean[] IS_NOT_REQUEST_TARGET = new boolean[ARRAY_SIZE];
48
    private static final boolean[] IS_NOT_QUERY = new boolean[ARRAY_SIZE];
46
    private static final boolean[] IS_HTTP_PROTOCOL = new boolean[ARRAY_SIZE];
49
    private static final boolean[] IS_HTTP_PROTOCOL = new boolean[ARRAY_SIZE];
47
    private static final boolean[] IS_ALPHA = new boolean[ARRAY_SIZE];
50
    private static final boolean[] IS_ALPHA = new boolean[ARRAY_SIZE];
48
    private static final boolean[] IS_NUMERIC = new boolean[ARRAY_SIZE];
51
    private static final boolean[] IS_NUMERIC = new boolean[ARRAY_SIZE];
Lines 75-84 Link Here
75
            // Not valid for request target.
78
            // Not valid for request target.
76
            // Combination of multiple rules from RFC7230 and RFC 3986. Must be
79
            // Combination of multiple rules from RFC7230 and RFC 3986. Must be
77
            // ASCII, no controls plus a few additional characters excluded
80
            // ASCII, no controls plus a few additional characters excluded
78
            if (IS_CONTROL[i] || i > 127 ||
81
            if (USE_URL_LIVING_STANDARD) {
79
                    i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' || i == '\\' ||
82
                // If byte is less than 0x21 (!), greater than 0x7E (~), or is 0x22 ("), 0x23 (#), 0x3C (<), or 0x3E (>), append byte, percent encoded, to url’s query.
80
                    i == '^' || i == '`'  || i == '{' || i == '|' || i == '}') {
83
                if (IS_CONTROL[i] || i > 127 ||
81
                IS_NOT_REQUEST_TARGET[i] = true;
84
                        i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>') {
85
                    IS_NOT_QUERY[i] = true;
86
                }
87
                // The C0 control percent-encode set are the C0 controls and all code points greater than U+007E (~).
88
                // The fragment percent-encode set is the C0 control percent-encode set and U+0020 SPACE, U+0022 ("), U+003C (<), U+003E (>), and U+0060 (`).
89
                // The path percent-encode set is the fragment percent-encode set and U+0023 (#), U+003F (?), U+007B ({), and U+007D (}). 
90
                if (IS_CONTROL[i] || i > 127 ||
91
                        i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' ||
92
                        i == '`'  || i == '{' || i == '}') {
93
                    IS_NOT_REQUEST_TARGET[i] = true;
94
                }
95
            } else {
96
                if (IS_CONTROL[i] || i > 127 ||
97
                        i == ' ' || i == '\"' || i == '#' || i == '<' || i == '>' || i == '\\' ||
98
                        i == '^' || i == '`'  || i == '{' || i == '|' || i == '}') {
99
                    IS_NOT_REQUEST_TARGET[i] = true;
100
                    IS_NOT_QUERY[i] = true;
101
                }
82
            }
102
            }
83
103
84
            // Not valid for HTTP protocol
104
            // Not valid for HTTP protocol
Lines 163-168 Link Here
163
    }
183
    }
164
184
165
185
186
    public static boolean isNotQuery(int c) {
187
        // Fast for valid query characters, slower for some incorrect ones
188
        try {
189
            return IS_NOT_QUERY[c];
190
        } catch (ArrayIndexOutOfBoundsException ex) {
191
            return true;
192
        }
193
    }
194
195
166
    public static boolean isHttpProtocol(int c) {
196
    public static boolean isHttpProtocol(int c) {
167
        // Fast for valid HTTP protocol characters, slower for some incorrect
197
        // Fast for valid HTTP protocol characters, slower for some incorrect
168
        // ones
198
        // ones

Return to bug 62273