This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new 59f09b4ca1 Fix BZ 68495 - force conversion to String 59f09b4ca1 is described below commit 59f09b4ca128d8cbdaab788fc1dcd301bb0385d1 Author: Mark Thomas <ma...@apache.org> AuthorDate: Sat Mar 2 10:27:39 2024 +0000 Fix BZ 68495 - force conversion to String When restoring a saved POST request after a successful FORM authentication, ensure that neither the URI, the query string nor the protocol are corrupted when restoring the request body. https://bz.apache.org/bugzilla/show_bug.cgi?id=68495 --- java/org/apache/catalina/authenticator/FormAuthenticator.java | 6 +++--- webapps/docs/changelog.xml | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java b/java/org/apache/catalina/authenticator/FormAuthenticator.java index fc449abd5f..a5e2556710 100644 --- a/java/org/apache/catalina/authenticator/FormAuthenticator.java +++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java @@ -643,9 +643,9 @@ public class FormAuthenticator extends AuthenticatorBase { // it would in a normal request would require some invasive API changes. // Therefore force the conversion to String now so the correct values // are presented if the application requests them. - request.getRequestURI(); - request.getQueryString(); - request.getProtocol(); + request.getCoyoteRequest().requestURI().toStringType(); + request.getCoyoteRequest().queryString().toStringType(); + request.getCoyoteRequest().protocol().toStringType(); if (saved.getOriginalMaxInactiveInterval() > 0) { session.setMaxInactiveInterval(saved.getOriginalMaxInactiveInterval()); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 928d515442..960029a715 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml 
@@ -123,6 +123,11 @@ configured using the <code>Executor</code> element now implement <code>ExecutorService</code> for better support NIO2. (remm) </fix> + <fix> + <bug>68495</bug>: When restoring a saved POST request after a successful + FORM authentication, ensure that neither the URI, the query string nor + the protocol are corrupted when restoring the request body. (markt) + </fix> </changelog> </subsection> <subsection name="Jasper">
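Review bot: In the FormAuthenticator.java hunk (@@ -643,9 +643,9 @@), the retained comment still says only "force the conversion to String now" and does not record why the three removed getter calls were not sufficient, so the explicit toStringType() calls on getCoyoteRequest() read like something a later cleanup could simplify back to request.getRequestURI() and friends. Extend the comment to say that the conversion has to be applied directly to the Coyote request's requestURI(), queryString() and protocol(), and reference BZ 68495. The diffstat lists only FormAuthenticator.java and changelog.xml, so no regression test accompanies the fix; a test that restores a saved POST after FORM authentication and then checks the URI, query string and protocol would guard this behaviour.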
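Review bot: In the changelog.xml hunk, the new entry for bug 68495 pairs "neither ... nor" with a plural verb and uses "when restoring" twice in one sentence. Suggest "ensure that neither the URI, the query string nor the protocol is corrupted when the request body is restored", which keeps the meaning and reads more cleanly in the rendered changelog.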