(tomcat) branch 8.5.x updated: Fix BZ 68495 - force conversion to String

Sat, 02 Mar 2024 02:30:30 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new eb665c99f7 Fix BZ 68495 - force conversion to String
eb665c99f7 is described below

commit eb665c99f7d1b5596827d08e228562f51056df8a
Author: Mark Thomas <[email protected]>
AuthorDate: Sat Mar 2 10:27:39 2024 +0000

    Fix BZ 68495 - force conversion to String
    
    When restoring a saved POST request after a successful FORM
    authentication, ensure that neither the URI, the query string nor the
    protocol are corrupted when restoring the request body.
    
    https://bz.apache.org/bugzilla/show_bug.cgi?id=68495
---
 java/org/apache/catalina/authenticator/FormAuthenticator.java | 6 +++---
 webapps/docs/changelog.xml                                    | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index fc449abd5f..a5e2556710 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -643,9 +643,9 @@ public class FormAuthenticator extends AuthenticatorBase {
         // it would in a normal request would require some invasive API 
changes.
         // Therefore force the conversion to String now so the correct values
         // are presented if the application requests them.
-        request.getRequestURI();
-        request.getQueryString();
-        request.getProtocol();
+        request.getCoyoteRequest().requestURI().toStringType();
+        request.getCoyoteRequest().queryString().toStringType();
+        request.getCoyoteRequest().protocol().toStringType();
 
         if (saved.getOriginalMaxInactiveInterval() > 0) {
             
session.setMaxInactiveInterval(saved.getOriginalMaxInactiveInterval());
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 4313ee557f..e79a1d705b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -114,6 +114,11 @@
         <code>discardFacades</code> is configured with the default value of
         <code>true</code>.
       </fix>
+      <fix>
+        <bug>68495</bug>: When restoring a saved POST request after a 
successful
+        FORM authentication, ensure that neither the URI, the query string nor
+        the protocol are corrupted when restoring the request body. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to