|
Mantis - Resin
|
|||||
| Viewing Issue Advanced Details | |||||
|
|
|||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
| 6212 | minor | always | 01-27-19 05:53 | 01-31-19 13:43 | |
|
|
|||||
| Reporter: | stbu | Platform: | |||
| Assigned To: | ferg | OS: | |||
| Priority: | normal | OS Version: | |||
| Status: | closed | Product Version: | 4.0.59 | ||
| Product Build: | Resolution: | fixed | |||
| Projection: | none | ||||
| ETA: | none | Fixed in Version: | 4.0.60 | ||
|
|
|||||
| Summary: | 0006212: FileServlet must not use HTML escaped URL in Location header of sendRedirect | ||||
| Description: |
This change in com.caucho.servlets.FileServlet.java around line 531 is breaking some things: 526c531 < res.setHeader("Location", encUrl); --- > res.setHeader("Location", htmlUrl); Using an HTML escaped URL in the HTTP Location header will break things for an index.jsp behind in a directory. Just consider this kind of web-app structure: web-app-root/ test/ index.jsp And imagine the content of index.jsp is this: <h1>Parameter p1=yes ? <%= "yes".equals(request.getParameter("p1"))%></h1> <h1>Parameter p2=yes ? <%= "yes".equals(request.getParameter("p2"))%></h1> With Resin before 4.0.59 such as 4.0.57 perform a request is correctly treated like this: curl -L -i 'http://localhost/test?p1=yes&p2=yes' [^] HTTP/1.1 301 Moved Permanently Server: Resin/4.0.57 Cache-Control: private Location: http://localhost/test/?p1=yes&p2=yes [^] Content-Type: text/html; charset=utf-8 Content-Length: 82 Date: Sun, 27 Jan 2019 13:22:18 GMT HTTP/1.1 200 OK Server: Resin/4.0.57 Cache-Control: private Content-Type: text/html; charset=ISO-8859-1 Content-Length: 66 Date: Sun, 27 Jan 2019 13:22:24 GMT <h1>Parameter p1=yes ? true</h1> <h1>Parameter p2=yes ? true</h1> => Result: Since the request is performed against the directory /test without a trailing slash, the File Servlet will kick in and perform a sendRedirect. The Location header used in this 301 Redirect is correct and the ?p1=yes and &p2=yes will arrive correctly at the /test/index.jsp But with 4.0.59 the same request will have a changed output: curl -L -i 'http://localhost/test?p1=yes&p2=yes' [^] HTTP/1.1 301 Moved Permanently Server: Resin/4.0.59 Cache-Control: private Location: http://localhost/test/?p1=yes&p2=yes [^] Content-Type: text/html; charset=utf-8 Content-Length: 86 Date: Sun, 27 Jan 2019 13:20:41 GMT HTTP/1.1 200 OK Server: Resin/4.0.59 Cache-Control: private Content-Type: text/html; charset=ISO-8859-1 Content-Length: 67 Date: Sun, 27 Jan 2019 13:20:41 GMT <h1>Parameter p1=yes ? true</h1> <h1>Parameter p2=yes ? false</h1> => Result: The Location header in the 301 redirect is now HTML escaped and the &p2=yes was changed to &p2=yes The index.jsp asking for Parameter "p2" will not anymore get the value "yes". |
||||
| Steps To Reproduce: | |||||
| Additional Information: | |||||
| Relationships | |||||
| Attached Files: | |||||
| Notes | |||||
|
|
|||||
|
|
||||