restored backward compatibility

lprimak · lprimak · commit 26f6a0f9d20f · 2026-01-19T01:26:35.000-06:00
diff --git a/web/src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java b/web/src/main/java/org/apache/shiro/web/filter/InvalidRequestFilter.java
@@ -46,8 +46,7 @@
  * @since 1.6
  */
 public class InvalidRequestFilter extends AccessControlFilter {
-
-    enum PathTraversalBlockMode {
+    public enum PathTraversalBlockMode {
         STRICT,
         NORMAL,
         NO_BLOCK;
@@ -129,10 +128,10 @@ private static boolean containsOnlyPrintableAsciiCharacters(String uri) {
     }
 
     private boolean containsTraversal(String uri) {
-        if (isBlockTraversalNormal()) {
+        if (pathTraversalBlockMode == PathTraversalBlockMode.NORMAL) {
             return !(isNormalized(uri));
         }
-        if (isBlockTraversalStrict()) {
+        if (pathTraversalBlockMode == PathTraversalBlockMode.STRICT) {
             return !(isNormalized(uri)
                     && PERIOD.stream().noneMatch(uri::contains)
                     && FORWARDSLASH.stream().noneMatch(uri::contains));
@@ -190,21 +189,49 @@ public void setBlockNonAscii(boolean blockNonAscii) {
         this.blockNonAscii = blockNonAscii;
     }
 
-    public boolean isBlockTraversalNormal() {
-        return pathTraversalBlockMode == PathTraversalBlockMode.NORMAL;
+    public PathTraversalBlockMode getPathTraversalBlockMode() {
+        return pathTraversalBlockMode;
+    }
+
+    public void setBlockPathTraversal(PathTraversalBlockMode mode) {
+        this.pathTraversalBlockMode = mode;
     }
 
-    public boolean isBlockTraversalStrict() {
+    public boolean isBlockEncodedPeriod() {
         return pathTraversalBlockMode == PathTraversalBlockMode.STRICT;
     }
 
-    public void setPathTraversalBlockMode(PathTraversalBlockMode mode) {
-        this.pathTraversalBlockMode = mode;
+    public void setBlockEncodedPeriod(boolean blockEncodedPeriod) {
+        setBlockPathTraversal(blockEncodedPeriod ? PathTraversalBlockMode.STRICT : PathTraversalBlockMode.NORMAL);
+    }
+
+    public boolean isBlockEncodedForwardSlash() {
+        return pathTraversalBlockMode == PathTraversalBlockMode.STRICT;
+    }
+
+    public void setBlockEncodedForwardSlash(boolean blockEncodedForwardSlash) {
+        setBlockPathTraversal(blockEncodedForwardSlash ? PathTraversalBlockMode.STRICT : PathTraversalBlockMode.NORMAL);
+    }
+
+    public boolean isBlockRewriteTraversal() {
+        return pathTraversalBlockMode == PathTraversalBlockMode.NORMAL;
+    }
+
+    public void setBlockRewriteTraversal(boolean blockRewriteTraversal) {
+        setBlockPathTraversal(blockRewriteTraversal ? PathTraversalBlockMode.NORMAL : PathTraversalBlockMode.NO_BLOCK);
+    }
+
+    /**
+     * @deprecated use {@link #getPathTraversalBlockMode()} instead
+     */
+    @Deprecated
+    public boolean isBlockTraversal() {
+        return pathTraversalBlockMode != PathTraversalBlockMode.NO_BLOCK;
     }
 
     /**
      *
-     * @deprecated Use {@link #setPathTraversalBlockMode(PathTraversalBlockMode)}
+     * @deprecated Use {@link #setBlockPathTraversal(PathTraversalBlockMode)}
      */
     @Deprecated
     public void setBlockTraversal(boolean blockTraversal) {
diff --git a/web/src/test/groovy/org/apache/shiro/web/filter/InvalidRequestFilterTest.groovy b/web/src/test/groovy/org/apache/shiro/web/filter/InvalidRequestFilterTest.groovy
@@ -39,7 +39,8 @@ class InvalidRequestFilterTest {
         assertThat "filter.blockBackslash expected to be true", filter.isBlockBackslash()
         assertThat "filter.blockNonAscii expected to be true", filter.isBlockNonAscii()
         assertThat "filter.blockSemicolon expected to be true", filter.isBlockSemicolon()
-        assertThat "filter.blockTraversal expected to be NORMAL", filter.isBlockTraversalNormal()
+        assertThat "filter.blockTraversal expected to be NORMAL",
+                filter.getPathTraversalBlockMode() == InvalidRequestFilter.PathTraversalBlockMode.NORMAL
     }
 
     @Test
@@ -106,7 +107,7 @@ class InvalidRequestFilterTest {
     @Test
     void testBlocksTraversalStrict() {
         InvalidRequestFilter filter = new InvalidRequestFilter()
-        filter.setPathTraversalBlockMode(InvalidRequestFilter.PathTraversalBlockMode.STRICT)
+        filter.setBlockPathTraversal(InvalidRequestFilter.PathTraversalBlockMode.STRICT)
         assertPathBlocked(filter, "/something/../")
         assertPathBlocked(filter, "/something/../bar")
         assertPathBlocked(filter, "/something/../bar/")
@@ -182,7 +183,7 @@ class InvalidRequestFilterTest {
     @Test
     void testAllowTraversal() {
         InvalidRequestFilter filter = new InvalidRequestFilter()
-        filter.setPathTraversalBlockMode(InvalidRequestFilter.PathTraversalBlockMode.NO_BLOCK);
+        filter.setBlockPathTraversal(InvalidRequestFilter.PathTraversalBlockMode.NO_BLOCK);
 
         assertPathAllowed(filter, "/something/../")
         assertPathAllowed(filter, "/something/../bar")
