Mantis Bugtracker
  

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0006212 [Resin] minor always 01-27-19 05:53 01-31-19 13:43
Reporter stbu View Status public  
Assigned To ferg
Priority normal Resolution fixed  
Status closed   Product Version 4.0.59
Summary 0006212: FileServlet must not use HTML escaped URL in Location header of sendRedirect
Description This change in com.caucho.servlets.FileServlet.java around line 531 is breaking some things:

526c531
< res.setHeader("Location", encUrl);
---
> res.setHeader("Location", htmlUrl);


Using an HTML escaped URL in the HTTP Location header will break things for an index.jsp behind in a directory.
Just consider this kind of web-app structure:

web-app-root/
            test/
                 index.jsp

And imagine the content of index.jsp is this:
<h1>Parameter p1=yes ? <%= "yes".equals(request.getParameter("p1"))%></h1>
<h1>Parameter p2=yes ? <%= "yes".equals(request.getParameter("p2"))%></h1>


With Resin before 4.0.59 such as 4.0.57 perform a request is correctly treated like this:
curl -L -i 'http://localhost/test?p1=yes&p2=yes' [^]

HTTP/1.1 301 Moved Permanently
Server: Resin/4.0.57
Cache-Control: private
Location: http://localhost/test/?p1=yes&p2=yes [^]
Content-Type: text/html; charset=utf-8
Content-Length: 82
Date: Sun, 27 Jan 2019 13:22:18 GMT

HTTP/1.1 200 OK
Server: Resin/4.0.57
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 66
Date: Sun, 27 Jan 2019 13:22:24 GMT

<h1>Parameter p1=yes ? true</h1>
<h1>Parameter p2=yes ? true</h1>

=> Result:
Since the request is performed against the directory /test without a trailing slash, the File Servlet will kick in and perform a sendRedirect.
The Location header used in this 301 Redirect is correct and the ?p1=yes and &p2=yes will arrive correctly at the /test/index.jsp



But with 4.0.59 the same request will have a changed output:
curl -L -i 'http://localhost/test?p1=yes&p2=yes' [^]

HTTP/1.1 301 Moved Permanently
Server: Resin/4.0.59
Cache-Control: private
Location: http://localhost/test/?p1=yes&amp;p2=yes [^]
Content-Type: text/html; charset=utf-8
Content-Length: 86
Date: Sun, 27 Jan 2019 13:20:41 GMT

HTTP/1.1 200 OK
Server: Resin/4.0.59
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 67
Date: Sun, 27 Jan 2019 13:20:41 GMT

<h1>Parameter p1=yes ? true</h1>
<h1>Parameter p2=yes ? false</h1>


=> Result:
The Location header in the 301 redirect is now HTML escaped and the &p2=yes was changed to &amp;p2=yes
The index.jsp asking for Parameter "p2" will not anymore get the value "yes".

Additional Information
Attached Files

- Relationships

- Notes
(0006868)
ferg
01-31-19 13:43

server/001x
 

- Issue History
Date Modified Username Field Change
01-27-19 05:53 stbu New Issue
01-27-19 05:53 stbu Issue Monitored: stbu
01-31-19 13:43 ferg Note Added: 0006868
01-31-19 13:43 ferg Assigned To  => ferg
01-31-19 13:43 ferg Status new => closed
01-31-19 13:43 ferg Resolution open => fixed
01-31-19 13:43 ferg Fixed in Version  => 4.0.60


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
30 total queries executed.
26 unique queries executed.
Powered by Mantis Bugtracker