Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58988

Add quotation of special characters in substitutions of the RewriteValve. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1729730 13f79535-47bb-0310-9956-ffa450edef68
apache · Feb 10, 2016 · 4f4415c · 4f4415c
1 parent d56b6b3
commit 4f4415c
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 2 deletions.
diff --git a/java/org/apache/catalina/valves/rewrite/Substitution.java b/java/org/apache/catalina/valves/rewrite/Substitution.java
@@ -111,17 +111,27 @@ public void parse(Map<String, RewriteMap> maps) {
         int pos = 0;
         int percentPos = 0;
         int dollarPos = 0;
+        int backslashPos = 0;
 
         while (pos < sub.length()) {
             percentPos = sub.indexOf('%', pos);
             dollarPos = sub.indexOf('$', pos);
-            if (percentPos == -1 && dollarPos == -1) {
+            backslashPos = sub.indexOf('\\', pos);
+            if (percentPos == -1 && dollarPos == -1 && backslashPos == -1) {
                 // Static text
                 StaticElement newElement = new StaticElement();
                 newElement.value = sub.substring(pos, sub.length());
                 pos = sub.length();
                 elements.add(newElement);
-            } else if (percentPos == -1 || ((dollarPos != -1) && (dollarPos < percentPos))) {
+            } else if (isFirstPos(backslashPos, dollarPos, percentPos)) {
+                if (backslashPos + 1 == sub.length()) {
+                    throw new IllegalArgumentException(sub);
+                }
+                StaticElement newElement = new StaticElement();
+                newElement.value = sub.substring(pos, backslashPos) + sub.substring(backslashPos + 1, backslashPos + 2);
+                pos = backslashPos + 2;
+                elements.add(newElement);
+            } else if (isFirstPos(dollarPos, percentPos)) {
                 // $: back reference to rule or map lookup
                 if (dollarPos + 1 == sub.length()) {
                     throw new IllegalArgumentException(sub);
@@ -240,4 +250,28 @@ public String evaluate(Matcher rule, Matcher cond, Resolver resolver) {
         }
         return buf.toString();
     }
+
+    /**
+     * Checks whether the first int is non negative and smaller than any non negative other int
+     * given with {@code others}.
+     *
+     * @param testPos
+     *            integer to test against
+     * @param others
+     *            list of integers that are paired against {@code testPos}. Any
+     *            negative integer will be ignored.
+     * @return {@code true} if {@code testPos} is not negative and is less then any given other
+     *         integer, {@code false} otherwise
+     */
+    private boolean isFirstPos(int testPos, int... others) {
+        if (testPos < 0) {
+            return false;
+        }
+        for (int other : others) {
+            if (other >= 0 && other < testPos) {
+                return false;
+            }
+        }
+        return true;
+    }
 }
diff --git a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
@@ -32,6 +32,11 @@ public void testNoRewrite() throws Exception {
         doTestRewrite("", "/a/%255A", "/a/%255A");
     }
 
+    @Test
+    public void testBackslashPercentSign() throws Exception {
+        doTestRewrite("RewriteRule ^(.*) /a/\\%5A", "/", "/a/%255A");
+    }
+
     @Test
     public void testNoopRewrite() throws Exception {
         doTestRewrite("RewriteRule ^(.*) $1", "/a/%255A", "/a/%255A");

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
@@ -70,6 +70,10 @@
         WAR into the <code>appBase</code> and using the newly created expanded
         directory as the <code>docBase</code>. (markt)
       </fix>
+      <add>
+        <bug>58988</bug>: Special characters in the substitutions for the RewriteValve
+        can now be quoted with a backslash. (fschumacher)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Coyote">

diff --git a/webapps/docs/rewrite.xml b/webapps/docs/rewrite.xml
@@ -520,6 +520,10 @@ cannot use <code>$N</code> in the substitution string!
       or it is explicitly terminated by a
       <code><strong>L</strong></code> flag.</p>
 
+      <p>The special characters <code>$</code> and <code>%</code> can
+      be quoted by prepending them with a backslash character
+      <code>\</code>.</p>
+
       <p>There is a special substitution string named
       '<code>-</code>' which means: <strong>NO
       substitution</strong>! This is useful in providing