Author: markt Date: Wed Mar 9 15:12:19 2016 New Revision: 1734258 URL: http://svn.apache.org/viewvc?rev=1734258&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59151 Fix a regression in the fix for BZ 56917 that added additional (and arguably unnecessary) validation to the provided redirect location.
Modified: tomcat/trunk/java/org/apache/catalina/connector/Response.java tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/connector/Response.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/Response.java?rev=1734258&r1=1734257&r2=1734258&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/connector/Response.java (original) +++ tomcat/trunk/java/org/apache/catalina/connector/Response.java Wed Mar 9 15:12:19 2016 @@ -19,7 +19,6 @@ package org.apache.catalina.connector; import java.io.IOException; import java.io.PrintWriter; import java.net.MalformedURLException; -import java.net.URI; import java.net.URL; import java.nio.charset.Charset; import java.security.AccessController; @@ -1335,7 +1334,7 @@ public class Response implements HttpSer // Relative redirects require HTTP/1.1 if (getRequest().getCoyoteRequest().getSupportsRelativeRedirects() && getContext().getUseRelativeRedirects()) { - locationUri = URI.create(location).toASCIIString(); + locationUri = location; } else { locationUri = toAbsolute(location); } Modified: tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java?rev=1734258&r1=1734257&r2=1734258&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java (original) +++ tomcat/trunk/test/org/apache/catalina/connector/TestResponse.java Wed Mar 9 15:12:19 2016 
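Review bot: In the relative-redirect branch, `locationUri = location;` now forwards the caller's string with no encoding or syntax check, while the `else` branch still goes through `toAbsolute(location)`, so the two paths treat the same input differently. The removed `URI.create(location).toASCIIString()` was the only step in this branch that rejected spaces and other characters not legal in a URI reference and that escaped non-ASCII text. Whether anything later in sendRedirect or in the header writer filters CR/LF and other control characters is not visible in this hunk and should be confirmed, because applications commonly pass request-derived values as the redirect target. I would state the contract at the assignment, e.g. `// Passed through unmodified: the application must supply a valid, already-encoded URI reference`. The enclosing method starts and ends outside the hunk.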
@@ -38,6 +38,7 @@ import org.junit.Test; import org.apache.catalina.Context; import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; +import org.apache.tomcat.unittest.TesterContext; import org.apache.tomcat.unittest.TesterRequest; import org.apache.tomcat.util.buf.ByteChunk; 
@@ -576,6 +577,45 @@ public class TestResponse extends Tomcat } + @Test + public void testSendRedirect01() throws Exception { + doTestSendRedirect("../foo", "../foo"); + } + + + @Test + public void testSendRedirect02() throws Exception { + doTestSendRedirect("../foo bar", "../foo bar"); + } + + + @Test + public void testSendRedirect03() throws Exception { + doTestSendRedirect("../foo%20bar", "../foo%20bar"); + } + + + private void doTestSendRedirect(String input, String expectedLocation) throws Exception { + // Set-up. + // Note: Not sufficient for testing relative -> absolute + Connector connector = new Connector(); + org.apache.coyote.Response cResponse = new org.apache.coyote.Response(); + Response response = new Response(); + response.setConnector(connector); + response.setCoyoteResponse(cResponse); + Request request = new Request(); + org.apache.coyote.Request cRequest = new org.apache.coyote.Request(); + request.setCoyoteRequest(cRequest); + Context context = new TesterContext(); + request.getMappingData().context = context; + response.setRequest(request); + // Do test + response.sendRedirect(input); + String location = response.getHeader("Location"); + Assert.assertEquals(expectedLocation, location); + } + + @Test public void testBug53469a() throws Exception { Request req = new TesterRequest(); Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1734258&r1=1734257&r2=1734258&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Wed Mar 9 15:12:19 2016 
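Review bot: The three new cases only pin pass-through of well-behaved relative paths, and `testSendRedirect02` makes a raw, unencoded space in the `Location` header the expected result without saying that this is deliberate. A short comment on that test, e.g. `// BZ 59151: location is emitted as supplied, including unencoded spaces`, would stop a later reader from treating it as a mistake. There is also no case for input that must not reach a header verbatim, such as a location containing CR/LF or non-ASCII characters; a fourth case asserting that the resulting `Location` value contains no line break would record what the pass-through does there. The helper's own note already says the relative-to-absolute path is not covered, and the class body continues outside the hunk.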
@@ -175,6 +175,11 @@ Servlet generic so any compression may be used rather than just gzip. Patch provided by Mikko Tiihonen. (markt) </add> + <fix> + <bug>59151</bug>: Fix a regression in the fix for <bug>56917</bug> that + added additional (and arguably unnecessary) validation to the provided + redirect location. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote">