| Anonymous | Login | Signup for a new account | 12-17-2024 10:59 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0006212 | [Resin] | minor | always | 01-27-19 05:53 | 01-31-19 13:43 | ||||
| Reporter | stbu | View Status | public | ||||||
| Assigned To | ferg | ||||||||
| Priority | normal | Resolution | fixed | Platform | |||||
| Status | closed | OS | |||||||
| Projection | none | OS Version | |||||||
| ETA | none | Fixed in Version | 4.0.60 | Product Version | 4.0.59 | ||||
| Product Build | |||||||||
| Summary | 0006212: FileServlet must not use HTML escaped URL in Location header of sendRedirect | ||||||||
| Description |
This change in com.caucho.servlets.FileServlet.java around line 531 is breaking some things: 526c531 < res.setHeader("Location", encUrl); --- > res.setHeader("Location", htmlUrl); Using an HTML escaped URL in the HTTP Location header will break things for an index.jsp behind in a directory. Just consider this kind of web-app structure: web-app-root/ test/ index.jsp And imagine the content of index.jsp is this: <h1>Parameter p1=yes ? <%= "yes".equals(request.getParameter("p1"))%></h1> <h1>Parameter p2=yes ? <%= "yes".equals(request.getParameter("p2"))%></h1> With Resin before 4.0.59 such as 4.0.57 perform a request is correctly treated like this: curl -L -i 'http://localhost/test?p1=yes&p2=yes' [^] HTTP/1.1 301 Moved Permanently Server: Resin/4.0.57 Cache-Control: private Location: http://localhost/test/?p1=yes&p2=yes [^] Content-Type: text/html; charset=utf-8 Content-Length: 82 Date: Sun, 27 Jan 2019 13:22:18 GMT HTTP/1.1 200 OK Server: Resin/4.0.57 Cache-Control: private Content-Type: text/html; charset=ISO-8859-1 Content-Length: 66 Date: Sun, 27 Jan 2019 13:22:24 GMT <h1>Parameter p1=yes ? true</h1> <h1>Parameter p2=yes ? true</h1> => Result: Since the request is performed against the directory /test without a trailing slash, the File Servlet will kick in and perform a sendRedirect. The Location header used in this 301 Redirect is correct and the ?p1=yes and &p2=yes will arrive correctly at the /test/index.jsp But with 4.0.59 the same request will have a changed output: curl -L -i 'http://localhost/test?p1=yes&p2=yes' [^] HTTP/1.1 301 Moved Permanently Server: Resin/4.0.59 Cache-Control: private Location: http://localhost/test/?p1=yes&p2=yes [^] Content-Type: text/html; charset=utf-8 Content-Length: 86 Date: Sun, 27 Jan 2019 13:20:41 GMT HTTP/1.1 200 OK Server: Resin/4.0.59 Cache-Control: private Content-Type: text/html; charset=ISO-8859-1 Content-Length: 67 Date: Sun, 27 Jan 2019 13:20:41 GMT <h1>Parameter p1=yes ? true</h1> <h1>Parameter p2=yes ? false</h1> => Result: The Location header in the 301 redirect is now HTML escaped and the &p2=yes was changed to &p2=yes The index.jsp asking for Parameter "p2" will not anymore get the value "yes". |
||||||||
| Steps To Reproduce | |||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0006868) ferg 01-31-19 13:43 |
server/001x |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 01-27-19 05:53 | stbu | New Issue | |
| 01-27-19 05:53 | stbu | Issue Monitored: stbu | |
| 01-31-19 13:43 | ferg | Note Added: 0006868 | |
| 01-31-19 13:43 | ferg | Assigned To | => ferg |
| 01-31-19 13:43 | ferg | Status | new => closed |
| 01-31-19 13:43 | ferg | Resolution | open => fixed |
| 01-31-19 13:43 | ferg | Fixed in Version | => 4.0.60 |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
30 total queries executed. 26 unique queries executed. |  |
