Mantis Bugtracker
  

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0006212 [Resin] minor always 01-27-19 05:53 01-31-19 13:43
Reporter stbu View Status public  
Assigned To ferg
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 4.0.60 Product Version 4.0.59
  Product Build
Summary 0006212: FileServlet must not use HTML escaped URL in Location header of sendRedirect
Description This change in com.caucho.servlets.FileServlet.java around line 531 is breaking some things:

526c531
< res.setHeader("Location", encUrl);
---
> res.setHeader("Location", htmlUrl);


Using an HTML escaped URL in the HTTP Location header will break things for an index.jsp behind in a directory.
Just consider this kind of web-app structure:

web-app-root/
            test/
                 index.jsp

And imagine the content of index.jsp is this:
<h1>Parameter p1=yes ? <%= "yes".equals(request.getParameter("p1"))%></h1>
<h1>Parameter p2=yes ? <%= "yes".equals(request.getParameter("p2"))%></h1>


With Resin before 4.0.59 such as 4.0.57 perform a request is correctly treated like this:
curl -L -i 'http://localhost/test?p1=yes&p2=yes' [^]

HTTP/1.1 301 Moved Permanently
Server: Resin/4.0.57
Cache-Control: private
Location: http://localhost/test/?p1=yes&p2=yes [^]
Content-Type: text/html; charset=utf-8
Content-Length: 82
Date: Sun, 27 Jan 2019 13:22:18 GMT

HTTP/1.1 200 OK
Server: Resin/4.0.57
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 66
Date: Sun, 27 Jan 2019 13:22:24 GMT

<h1>Parameter p1=yes ? true</h1>
<h1>Parameter p2=yes ? true</h1>

=> Result:
Since the request is performed against the directory /test without a trailing slash, the File Servlet will kick in and perform a sendRedirect.
The Location header used in this 301 Redirect is correct and the ?p1=yes and &p2=yes will arrive correctly at the /test/index.jsp



But with 4.0.59 the same request will have a changed output:
curl -L -i 'http://localhost/test?p1=yes&p2=yes' [^]

HTTP/1.1 301 Moved Permanently
Server: Resin/4.0.59
Cache-Control: private
Location: http://localhost/test/?p1=yes&amp;p2=yes [^]
Content-Type: text/html; charset=utf-8
Content-Length: 86
Date: Sun, 27 Jan 2019 13:20:41 GMT

HTTP/1.1 200 OK
Server: Resin/4.0.59
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 67
Date: Sun, 27 Jan 2019 13:20:41 GMT

<h1>Parameter p1=yes ? true</h1>
<h1>Parameter p2=yes ? false</h1>


=> Result:
The Location header in the 301 redirect is now HTML escaped and the &p2=yes was changed to &amp;p2=yes
The index.jsp asking for Parameter "p2" will not anymore get the value "yes".

Steps To Reproduce
Additional Information
Attached Files

- Relationships

- Notes
(0006868)
ferg
01-31-19 13:43

server/001x
 

- Issue History
Date Modified Username Field Change
01-27-19 05:53 stbu New Issue
01-27-19 05:53 stbu Issue Monitored: stbu
01-31-19 13:43 ferg Note Added: 0006868
01-31-19 13:43 ferg Assigned To  => ferg
01-31-19 13:43 ferg Status new => closed
01-31-19 13:43 ferg Resolution open => fixed
01-31-19 13:43 ferg Fixed in Version  => 4.0.60


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
30 total queries executed.
26 unique queries executed.
Powered by Mantis Bugtracker