This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 7c467ebb6e Fix additional double decoding issues.
7c467ebb6e is described below
commit 7c467ebb6e79de57b994e3717c350c6d3c66b9c6
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jun 2 10:53:54 2026 +0100
Fix additional double decoding issues.
---
java/org/apache/catalina/core/StandardContext.java | 4 ++--
.../tomcat/util/descriptor/web/LoginConfig.java | 20 ++++++++++++++++++++
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/core/StandardContext.java
b/java/org/apache/catalina/core/StandardContext.java
index c6d9d6dd8f..a77203a747 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -2014,7 +2014,7 @@ public class StandardContext extends ContainerBase
implements Context, Notificat
if (log.isDebugEnabled()) {
log.debug(sm.getString("standardContext.loginConfig.loginWarning", loginPage));
}
- config.setLoginPage("/" + loginPage);
+ config.setLoginPageDecoded("/" + loginPage);
} else {
throw new
IllegalArgumentException(sm.getString("standardContext.loginConfig.loginPage",
loginPage));
}
@@ -2025,7 +2025,7 @@ public class StandardContext extends ContainerBase
implements Context, Notificat
if (log.isDebugEnabled()) {
log.debug(sm.getString("standardContext.loginConfig.errorWarning", errorPage));
}
- config.setErrorPage("/" + errorPage);
+ config.setErrorPageDecoded("/" + errorPage);
} else {
throw new
IllegalArgumentException(sm.getString("standardContext.loginConfig.errorPage",
errorPage));
}
diff --git a/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
b/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
index e97fb81989..a46294cbe0 100644
--- a/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
+++ b/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
@@ -112,6 +112,16 @@ public class LoginConfig extends XmlEncodingBase
implements Serializable {
}
+ /**
+ * Set the already decoded error page URI.
+ *
+ * @param errorPage the decoded errorPage to set
+ */
+ public void setErrorPageDecoded(String errorPage) {
+ this.errorPage = errorPage;
+ }
+
+
/**
* The context-relative URI of the login page for form login.
*/
@@ -136,6 +146,16 @@ public class LoginConfig extends XmlEncodingBase
implements Serializable {
}
+ /**
+ * Set the already decoded login page URI.
+ *
+ * @param loginPage the decoded loginPage to set
+ */
+ public void setLoginPageDecoded(String loginPage) {
+ this.loginPage = loginPage;
+ }
+
+
/**
* The realm name used when challenging the user for authentication
credentials.
*/
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
