Class RequestUtil

java.lang.Object
org.apache.tomcat.util.http.RequestUtil

public class RequestUtil extends Object
  • Method Details

    • normalize

      public static String normalize(String path)
      Normalize a relative URI path. This method normalizes "/./", "/../", "//" and "\". If the input path is an attempt to 'escape the root' (e.g. /../input.txt) then null is returned to prevent attempts to 'escape the root'. WARNING - No other URI validation checks are performed.
      Parameters:
      path - Relative path to be normalized
      Returns:
      The normalized path or null if the input path attempts to 'escape the root'.
    • normalize

      public static String normalize(String path, boolean replaceBackSlash)
      Normalize a relative URI path. This method normalizes "/./", "/../" and "//". This method optionally normalizes "\". If the input path is an attempt to 'escape the root' (e.g. /../input.txt) then null is returned to prevent attempts to 'escape the root'. WARNING - No other URI validation checks are performed.
      Parameters:
      path - Relative path to be normalized
      replaceBackSlash - Should '\\' be normalized to '/'
      Returns:
      The normalized path or null if the input path attempts to 'escape the root'.
    • isSameOrigin

      public static boolean isSameOrigin(HttpServletRequest request, String origin)
    • isValidOrigin

      public static boolean isValidOrigin(String origin)
      Checks if a given origin is valid or not. Criteria:
      • If an encoded character is present in origin, it's not valid.
      • If origin is "null", it's valid.
      • Origin should be a valid URI
      Parameters:
      origin - The origin URI
      Returns:
      true if the origin was valid
      See Also: