(tomcat) branch 9.0.x updated: Fix BZ 68495 - force conversion to String

Sat, 02 Mar 2024 02:30:18 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 59f09b4ca1 Fix BZ 68495 - force conversion to String
59f09b4ca1 is described below

commit 59f09b4ca128d8cbdaab788fc1dcd301bb0385d1
Author: Mark Thomas <[email protected]>
AuthorDate: Sat Mar 2 10:27:39 2024 +0000

    Fix BZ 68495 - force conversion to String
    
    When restoring a saved POST request after a successful FORM
    authentication, ensure that neither the URI, the query string nor the
    protocol are corrupted when restoring the request body.
    
    https://bz.apache.org/bugzilla/show_bug.cgi?id=68495
---
 java/org/apache/catalina/authenticator/FormAuthenticator.java | 6 +++---
 webapps/docs/changelog.xml                                    | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index fc449abd5f..a5e2556710 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -643,9 +643,9 @@ public class FormAuthenticator extends AuthenticatorBase {
         // it would in a normal request would require some invasive API 
changes.
         // Therefore force the conversion to String now so the correct values
         // are presented if the application requests them.
-        request.getRequestURI();
-        request.getQueryString();
-        request.getProtocol();
+        request.getCoyoteRequest().requestURI().toStringType();
+        request.getCoyoteRequest().queryString().toStringType();
+        request.getCoyoteRequest().protocol().toStringType();
 
         if (saved.getOriginalMaxInactiveInterval() > 0) {
             
session.setMaxInactiveInterval(saved.getOriginalMaxInactiveInterval());
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 928d515442..960029a715 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,11 @@
         configured using the <code>Executor</code> element now implement
         <code>ExecutorService</code> for better support NIO2. (remm)
       </fix>
+      <fix>
+        <bug>68495</bug>: When restoring a saved POST request after a 
successful
+        FORM authentication, ensure that neither the URI, the query string nor
+        the protocol are corrupted when restoring the request body. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to