From 898560bec57d94e90c595d4f44d1744ab2cf13b9 Mon Sep 17 00:00:00 2001 From: Greg Wilkins Date: Fri, 26 Oct 2018 06:44:40 +1100 Subject: [PATCH 1/2] Issue #3030 Enforce Content-Encoding check only on parameter extraction. (#3031) --- .../org/eclipse/jetty/server/Request.java | 11 +++--- .../org/eclipse/jetty/server/RequestTest.java | 34 +++++++++++++++++-- 2 files changed, 36 insertions(+), 9 deletions(-) diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java b/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java index 32c3b446b05..ac5198063a5 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java @@ -455,23 +455,21 @@ public class Request implements HttpServletRequest /* ------------------------------------------------------------ */ private void extractContentParameters() { - // Content cannot be encoded - if (_metaData!=null && getHttpFields().contains(HttpHeader.CONTENT_ENCODING)) - throw new BadMessageException(HttpStatus.NOT_IMPLEMENTED_501,"Unsupported Content-Encoding"); - String contentType = getContentType(); if (contentType == null || contentType.isEmpty()) _contentParameters=NO_PARAMS; else { _contentParameters=new MultiMap<>(); - contentType = HttpFields.valueParameters(contentType, null); int contentLength = getContentLength(); if (contentLength != 0 && _inputState == __NONE) { + contentType = HttpFields.valueParameters(contentType, null); if (MimeTypes.Type.FORM_ENCODED.is(contentType) && _channel.getHttpConfiguration().isFormEncodedMethod(getMethod())) { + if (_metaData!=null && getHttpFields().contains(HttpHeader.CONTENT_ENCODING)) + throw new BadMessageException(HttpStatus.NOT_IMPLEMENTED_501,"Unsupported Content-Encoding"); extractFormParameters(_contentParameters); } else if (MimeTypes.Type.MULTIPART_FORM_DATA.is(contentType) && 
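Review bot: The Content-Encoding guard now exists twice as the same two-line `if … throw`, once in the form-encoded branch of `extractContentParameters()` in this hunk and once before `getParts(_contentParameters)` in the next hunk, and the explanatory comment the old code carried was dropped in the move. A small private helper called from both branches would keep the `_metaData!=null` condition and the 501 message from drifting apart. Whichever form is kept, a comment such as `// Parameters cannot be extracted from encoded content; bodies not parsed for parameters are passed through unchecked` would record why the check is limited to these two branches. The method body continues past the end of this hunk.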
@@ -480,6 +478,8 @@ public class Request implements HttpServletRequest { try { + if (_metaData!=null && getHttpFields().contains(HttpHeader.CONTENT_ENCODING)) + throw new BadMessageException(HttpStatus.NOT_IMPLEMENTED_501,"Unsupported Content-Encoding"); getParts(_contentParameters); } catch (IOException | ServletException e) @@ -490,7 +490,6 @@ public class Request implements HttpServletRequest } } } - } /* ------------------------------------------------------------ */ diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java index b7add70fecf..802e7b10a28 100644 --- a/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java +++ b/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java @@ -18,6 +18,7 @@ package org.eclipse.jetty.server; +import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.not; @@ -28,7 +29,6 @@ import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNotSame; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertSame; -import static org.hamcrest.MatcherAssert.assertThat; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.fail; @@ -634,7 +634,7 @@ public class RequestTest }; //Send a request with encoded form content - String request="GET / HTTP/1.1\r\n"+ + String request="POST / HTTP/1.1\r\n"+ "Host: whatever\r\n"+ "Content-Type: application/x-www-form-urlencoded; charset=utf-8\n"+ "Content-Length: 10\n"+ 
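Review bot: The multipart guard sits in the caller, just before `getParts(_contentParameters)` inside the `try`, so it only covers multipart parsing that starts from `extractContentParameters()`. If the same parsing can be reached through another entry point (for example the servlet `getParts()`/`getPart()` methods, which this patch does not show), a body carrying `Content-Encoding` would be parsed there in its encoded form without the 501. Consider moving the check into the method that does the parsing, or add a comment stating that direct part access is deliberately not covered. The enclosing `else if` begins before this hunk.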
@@ -647,6 +647,34 @@ public class RequestTest assertThat(responses,startsWith("HTTP/1.1 200")); } + + @Test + public void testEncodedNotParams() throws Exception + { + _handler._checker = new RequestTester() + { + @Override + public boolean check(HttpServletRequest request,HttpServletResponse response) + { + return request.getParameter("param")==null; + } + }; + + //Send a request with encoded form content + String request="POST / HTTP/1.1\r\n"+ + "Host: whatever\r\n"+ + "Content-Type: application/octet-stream\n"+ + "Content-Length: 10\n"+ + "Content-Encoding: gzip\n"+ + "Connection: close\n"+ + "\n"+ + "0123456789\n"; + + String responses=_connector.getResponse(request); + assertThat(responses,startsWith("HTTP/1.1 200")); + } + + @Test public void testInvalidHostHeader() throws Exception { @@ -1815,7 +1843,7 @@ public class RequestTest ((Request)request).setHandled(true); if (request.getContentLength()>0 - && !MimeTypes.Type.FORM_ENCODED.asString().equals(request.getContentType()) + && !request.getContentType().startsWith(MimeTypes.Type.FORM_ENCODED.asString()) && !request.getContentType().startsWith("multipart/form-data")) _content=IO.toString(request.getInputStream()); From b19d9b27abceb6536b879b8e6caf7a1761b18f6a Mon Sep 17 00:00:00 2001 From: olivier lamy Date: Fri, 26 Oct 2018 12:38:11 +1000 Subject: [PATCH 2/2] use maven pmd plugin 3.11.0 Signed-off-by: olivier lamy --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c25b37051f4..18221c13ddc 100644 --- a/pom.xml +++ b/pom.xml @@ -529,7 +529,7 @@ org.apache.maven.plugins maven-pmd-plugin - 3.10.0 + 3.11.0 org.apache.maven.plugins
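Review bot: The comment `//Send a request with encoded form content` in `testEncodedNotParams` was copied from the test above it, but this request sends `Content-Type: application/octet-stream`; `//Send a request with encoded content that is not a form` would describe what is actually exercised. The checker only asserts that `getParameter("param")` is null and the response starts with 200, so the test would still pass if the encoded body were silently discarded. If the intent is that encoded non-form content reaches the application untouched, an assertion on the body as the handler sees it would pin that behaviour.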
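Review bot: `request.getContentType().startsWith(...)` in the changed condition dereferences the content type without a null check, so a test request that has a body but no `Content-Type` header would fail inside the handler with a NullPointerException instead of in its own assertion; the `multipart/form-data` line after it has the same shape. Reading the value once and guarding it, e.g. `String type = request.getContentType();` followed by `type==null || (!type.startsWith(...) && ...)`, avoids that. The prefix match is also case-sensitive, which differs from the `MimeTypes.Type.FORM_ENCODED.is(contentType)` comparison used in `Request.java`. The enclosing method starts outside this hunk.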