tomcat-dev mailing list archives

From jfarc...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5 CoyoteResponse.java
Date Wed, 04 Dec 2002 17:42:33 GMT
jfarcand    2002/12/04 09:42:32

  Modified:    coyote/src/java/org/apache/coyote/tomcat5
                        CoyoteResponse.java
  Log:
  Fix for bugtraq 4772112 encodeURL does not encode session with empty URL (rfc2396)
  
  Revision  Changes    Path
  1.15      +12 -6     jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteResponse.java
  
  Index: CoyoteResponse.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteResponse.java,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- CoyoteResponse.java	3 Dec 2002 16:37:59 -0000	1.14
  +++ CoyoteResponse.java	4 Dec 2002 17:42:31 -0000	1.15
  @@ -1033,10 +1033,16 @@
        * @param url URL to be encoded
        */
       public String encodeURL(String url) {
  -
  -        if (isEncodeable(toAbsolute(url))) {
  +        
  +        String absolute = toAbsolute(url);
  +        if (isEncodeable(absolute)) {
               HttpServletRequest hreq =
                   (HttpServletRequest) request.getRequest();
  +            
  +            // W3c spec clearly said 
  +            if (url.equalsIgnoreCase("")){
  +                url = absolute;
  +            }
               return (toEncoded(url, hreq.getSession().getId()));
           } else {
               return (url);
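
Review bot: The new comment `// W3c spec clearly said` inside the `if (isEncodeable(absolute))` branch stops mid-sentence, so the reason for swapping `url` for `absolute` is not recorded in the code. The commit log cites rfc2396 rather than a W3C document. Please finish the comment and name the RFC, for example by noting that an empty URI reference refers to the current document, which is why the session id has to be appended to the absolute form. In the same block, `url.equalsIgnoreCase("")` does a case-insensitive comparison against a string that has no case; `url.length() == 0` says the same thing more directly. Nothing visible here guards against a null `url` before that call, so it is worth confirming that `toAbsolute(url)` already rejects null.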
  
  
  

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>

