This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 2406c46918 Fix additional double decoding issues.
2406c46918 is described below
commit 2406c46918db38762929063be2da1d40edcfc954
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jun 2 10:53:54 2026 +0100
Fix additional double decoding issues.
---
java/org/apache/catalina/core/StandardContext.java | 4 ++--
.../tomcat/util/descriptor/web/LoginConfig.java | 20 ++++++++++++++++++++
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/core/StandardContext.java
b/java/org/apache/catalina/core/StandardContext.java
index fc75266a7a..ffcbe21ad1 100644
--- a/java/org/apache/catalina/core/StandardContext.java
+++ b/java/org/apache/catalina/core/StandardContext.java
@@ -1947,7 +1947,7 @@ public class StandardContext extends ContainerBase
implements Context, Notificat
if (log.isDebugEnabled()) {
log.debug(sm.getString("standardContext.loginConfig.loginWarning", loginPage));
}
- config.setLoginPage("/" + loginPage);
+ config.setLoginPageDecoded("/" + loginPage);
} else {
throw new
IllegalArgumentException(sm.getString("standardContext.loginConfig.loginPage",
loginPage));
}
@@ -1958,7 +1958,7 @@ public class StandardContext extends ContainerBase
implements Context, Notificat
if (log.isDebugEnabled()) {
log.debug(sm.getString("standardContext.loginConfig.errorWarning", errorPage));
}
- config.setErrorPage("/" + errorPage);
+ config.setErrorPageDecoded("/" + errorPage);
} else {
throw new
IllegalArgumentException(sm.getString("standardContext.loginConfig.errorPage",
errorPage));
}
diff --git a/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
b/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
index e97fb81989..a46294cbe0 100644
--- a/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
+++ b/java/org/apache/tomcat/util/descriptor/web/LoginConfig.java
@@ -112,6 +112,16 @@ public class LoginConfig extends XmlEncodingBase
implements Serializable {
}
+ /**
+ * Set the already decoded error page URI.
+ *
+ * @param errorPage the decoded errorPage to set
+ */
+ public void setErrorPageDecoded(String errorPage) {
+ this.errorPage = errorPage;
+ }
+
+
/**
* The context-relative URI of the login page for form login.
*/
@@ -136,6 +146,16 @@ public class LoginConfig extends XmlEncodingBase
implements Serializable {
}
+ /**
+ * Set the already decoded login page URI.
+ *
+ * @param loginPage the decoded loginPage to set
+ */
+ public void setLoginPageDecoded(String loginPage) {
+ this.loginPage = loginPage;
+ }
+
+
/**
* The realm name used when challenging the user for authentication
credentials.
*/
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
