jspwiki-commits mailing list archives

From juanpa...@apache.org
Subject svn commit: r1553571 - /jspwiki/trunk/jspwiki-war/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java
Date Thu, 26 Dec 2013 20:08:12 GMT
Author: juanpablo
Date: Thu Dec 26 20:08:11 2013
New Revision: 1553571

URL: http://svn.apache.org/r1553571
Log:
sonar: Security - HTTP Response splitting vulnerability

Modified:
    jspwiki/trunk/jspwiki-war/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java

Modified: jspwiki/trunk/jspwiki-war/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java
URL: http://svn.apache.org/viewvc/jspwiki/trunk/jspwiki-war/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java?rev=1553571&r1=1553570&r2=1553571&view=diff
==============================================================================
--- jspwiki/trunk/jspwiki-war/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java
(original)
+++ jspwiki/trunk/jspwiki-war/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java
Thu Dec 26 20:08:11 2013
@@ -23,6 +23,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.SocketException;
+import java.net.URLEncoder;
 import java.security.Permission;
 import java.security.Principal;
 import java.util.List;
@@ -300,17 +301,17 @@ public class AttachmentServlet extends H
                     msg = "Attachment "+att.getFileName()+" sent to "+req.getRemoteUser()+"
on "+HttpUtil.getRemoteAddress(req);
                     log.debug( msg );
                 }
-                if( nextPage != null ) res.sendRedirect( nextPage );
+                if( nextPage != null ) {
+                	res.sendRedirect( URLEncoder.encode( nextPage, m_engine.getContentEncoding()
) );
+                }
 
                 return;
             }
 
-            msg = "Attachment '" + page + "', version " + ver +
-                  " does not exist.";
+            msg = "Attachment '" + page + "', version " + ver + " does not exist.";
 
             log.info( msg );
-            res.sendError( HttpServletResponse.SC_NOT_FOUND,
-                           msg );
+            res.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
             return;
         }
         catch( ProviderException pe )
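Review bot: On the added `res.sendRedirect( URLEncoder.encode( nextPage, m_engine.getContentEncoding() ) )` line, `URLEncoder` form-encodes the whole string, so besides removing CR/LF it also escapes `:`, `/`, `?`, `&` and `=`. Any `nextPage` that is an absolute URL or carries a path or query string would then be sent as a single opaque relative segment, and the redirect would presumably no longer reach the intended page. A narrower fix for response splitting is to reject line breaks and pass the URL through unchanged, e.g. `if( nextPage.indexOf( '\r' ) >= 0 || nextPage.indexOf( '\n' ) >= 0 ) { res.sendError( HttpServletResponse.SC_BAD_REQUEST ); return; }` followed by the original `res.sendRedirect( nextPage );`. Where `nextPage` comes from is outside this hunk (the method starts earlier); if it is request-supplied, it should also be checked to resolve inside the wiki before redirecting. The new line is also indented with a tab while the surrounding code uses spaces.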


