Package org.apache.tomcat.util.http
Class RequestUtil
java.lang.Object
org.apache.tomcat.util.http.RequestUtil
-
Method Summary
Modifier and TypeMethodDescriptionstatic boolean
isSameOrigin
(HttpServletRequest request, String origin) static boolean
isValidOrigin
(String origin) Checks if a given origin is valid or not.static String
Normalize a relative URI path.static String
Normalize a relative URI path.
-
Method Details
-
normalize
Normalize a relative URI path. This method normalizes "/./", "/../", "//" and "\". If the input path is an attempt to 'escape the root' (e.g. /../input.txt) thennull
is returned to prevent attempts to 'escape the root'. WARNING - No other URI validation checks are performed.- Parameters:
path
- Relative path to be normalized- Returns:
- The normalized path or
null
if the input path attempts to 'escape the root'.
-
normalize
Normalize a relative URI path. This method normalizes "/./", "/../" and "//". This method optionally normalizes "\". If the input path is an attempt to 'escape the root' (e.g. /../input.txt) thennull
is returned to prevent attempts to 'escape the root'. WARNING - No other URI validation checks are performed.- Parameters:
path
- Relative path to be normalizedreplaceBackSlash
- Should '\\' be normalized to '/'- Returns:
- The normalized path or
null
if the input path attempts to 'escape the root'.
-
isSameOrigin
-
isValidOrigin
Checks if a given origin is valid or not. Criteria:- If an encoded character is present in origin, it's not valid.
- If origin is "null", it's valid.
- Origin should be a valid
URI
- Parameters:
origin
- The origin URI- Returns:
true
if the origin was valid- See Also:
-