orangetw/Apache-Tomcat-8.5.32.patch Secret

## Apache-Tomcat-8.5.32.patch
diff -Naur apache-tomcat-8.5.32-src/java/org/apache/catalina/connector/CoyoteAdapter.java apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/connector/CoyoteAdapter.java
--- apache-tomcat-8.5.32-src/java/org/apache/catalina/connector/CoyoteAdapter.java	2018-07-11 23:26:58.540133537 -0700
+++ apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/connector/CoyoteAdapter.java	2018-07-11 23:48:19.392943150 -0700
@@ -606,7 +606,6 @@
             // Parse the path parameters. This will:
             //   - strip out the path parameters
             //   - convert the decodedURI to bytes
-            parsePathParameters(req, request);

             // URI decoding
             // %xx decoding of the URL
@@ -649,7 +648,7 @@
             // Remove all path parameters; any needed path parameter should be set
             // using the request object rather than passing it in the URL
             CharChunk uriCC = decodedURI.getCharChunk();
-            int semicolon = uriCC.indexOf(';');
+            int semicolon = -1;
             if (semicolon > 0) {
                 decodedURI.setChars
                     (uriCC.getBuffer(), uriCC.getStart(), semicolon);
diff -Naur apache-tomcat-8.5.32-src/java/org/apache/catalina/connector/Request.java apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/connector/Request.java
--- apache-tomcat-8.5.32-src/java/org/apache/catalina/connector/Request.java	2018-07-11 23:26:58.540133537 -0700
+++ apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/connector/Request.java	2018-07-11 23:48:38.709059900 -0700
@@ -2091,7 +2091,6 @@
         } else {
             candidate = uri.substring(0, pos);
         }
-        candidate = removePathParameters(candidate);
         candidate = UDecoder.URLDecode(candidate, connector.getURICharset());
         candidate = org.apache.tomcat.util.http.RequestUtil.normalize(candidate);
         boolean match = canonicalContextPath.equals(candidate);
@@ -2102,7 +2101,6 @@
             } else {
                 candidate = uri.substring(0, pos);
             }
-            candidate = removePathParameters(candidate);
             candidate = UDecoder.URLDecode(candidate, connector.getURICharset());
             candidate = org.apache.tomcat.util.http.RequestUtil.normalize(candidate);
             match = canonicalContextPath.equals(candidate);
diff -Naur apache-tomcat-8.5.32-src/java/org/apache/catalina/core/ApplicationContext.java apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/core/ApplicationContext.java
--- apache-tomcat-8.5.32-src/java/org/apache/catalina/core/ApplicationContext.java	2018-07-11 23:26:58.540133537 -0700
+++ apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/core/ApplicationContext.java	2018-07-11 23:47:48.440740679 -0700
@@ -478,7 +478,7 @@
              * Ignore any trailing path params (separated by ';') for mapping
              * purposes
              */
-            int semicolon = normalizedPath.indexOf(';');
+            int semicolon = -1;
             if (pos >= 0 && semicolon > pos) {
                 semicolon = -1;
             }
	diff -Naur apache-tomcat-8.5.32-src/java/org/apache/catalina/connector/CoyoteAdapter.java apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/connector/CoyoteAdapter.java
	--- apache-tomcat-8.5.32-src/java/org/apache/catalina/connector/CoyoteAdapter.java 2018-07-11 23:26:58.540133537 -0700
	+++ apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/connector/CoyoteAdapter.java 2018-07-11 23:48:19.392943150 -0700
	@@ -606,7 +606,6 @@
	// Parse the path parameters. This will:
	// - strip out the path parameters
	// - convert the decodedURI to bytes
	- parsePathParameters(req, request);

	// URI decoding
	// %xx decoding of the URL
	@@ -649,7 +648,7 @@
	// Remove all path parameters; any needed path parameter should be set
	// using the request object rather than passing it in the URL
	CharChunk uriCC = decodedURI.getCharChunk();
	- int semicolon = uriCC.indexOf(';');
	+ int semicolon = -1;
	if (semicolon > 0) {
	decodedURI.setChars
	(uriCC.getBuffer(), uriCC.getStart(), semicolon);
	diff -Naur apache-tomcat-8.5.32-src/java/org/apache/catalina/connector/Request.java apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/connector/Request.java
	--- apache-tomcat-8.5.32-src/java/org/apache/catalina/connector/Request.java 2018-07-11 23:26:58.540133537 -0700
	+++ apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/connector/Request.java 2018-07-11 23:48:38.709059900 -0700
	@@ -2091,7 +2091,6 @@
	} else {
	candidate = uri.substring(0, pos);
	}
	- candidate = removePathParameters(candidate);
	candidate = UDecoder.URLDecode(candidate, connector.getURICharset());
	candidate = org.apache.tomcat.util.http.RequestUtil.normalize(candidate);
	boolean match = canonicalContextPath.equals(candidate);
	@@ -2102,7 +2101,6 @@
	} else {
	candidate = uri.substring(0, pos);
	}
	- candidate = removePathParameters(candidate);
	candidate = UDecoder.URLDecode(candidate, connector.getURICharset());
	candidate = org.apache.tomcat.util.http.RequestUtil.normalize(candidate);
	match = canonicalContextPath.equals(candidate);
	diff -Naur apache-tomcat-8.5.32-src/java/org/apache/catalina/core/ApplicationContext.java apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/core/ApplicationContext.java
	--- apache-tomcat-8.5.32-src/java/org/apache/catalina/core/ApplicationContext.java 2018-07-11 23:26:58.540133537 -0700
	+++ apache-tomcat-8.5.32-src-patched/java/org/apache/catalina/core/ApplicationContext.java 2018-07-11 23:47:48.440740679 -0700
	@@ -478,7 +478,7 @@
	* Ignore any trailing path params (separated by ';') for mapping
	* purposes
	*/
	- int semicolon = normalizedPath.indexOf(';');
	+ int semicolon = -1;
	if (pos >= 0 && semicolon > pos) {
	semicolon = -1;
	}