dspavlov commented on PR #208:
URL:
https://github.com/apache/ignite-teamcity-bot/pull/208#issuecomment-4401756130
1. StaticResourceServlet now correctly avoids getPathInfo(), but it no
longer validates the normalized resource path. Please reject paths containing
"..", "\" or starting with "/" after normalization, and handle directories
explicitly. Otherwise arbitrary malformed/static traversal-like paths may be
resolved against classpath static/.
2. 401 login fallback is only partially fixed. showErrInLoadStatus no longer
redirects from /login.html, good. But backref is now appended without
encodeURIComponent(), so URLs with query params will break:
/login.html?backref=" + currentBackref()
Please use encodeURIComponent(currentBackref()).
Also login.html still blindly redirects to any backref after successful
login. It should ignore backrefs pointing to /login.html and fall back to "/".
Required smoke test:
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
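Point 2 of the review comment above, as an added example (not code from the PR or the project): the unencoded and encoded login URLs side by side, plus one way login.html could vet a backref before redirecting. All names except `currentBackref()`'s role as the source of the backref are hypothetical, the sample page path and the placeholder origin are constructed, and the same-site restriction goes beyond what the comment asks for.

```javascript
const LOGIN_PATH = "/login.html";
// Constructed placeholder origin, used only to parse relative paths.
const BASE = "http://tcbot.invalid";

// The form the comment objects to: the backref's own "&" and "?" leak into
// the login URL's query string.
function naiveLoginUrl(backref) {
    return LOGIN_PATH + "?backref=" + backref;
}

// The requested fix: the whole backref travels as one parameter value.
function loginUrl(backref) {
    return LOGIN_PATH + "?backref=" + encodeURIComponent(backref);
}

// What login.html reads back from its own query string.
function readBackref(url) {
    const query = url.slice(url.indexOf("?"));
    return new URLSearchParams(query).get("backref");
}

// Decide where to go after a successful login. Falls back to "/" when the
// backref is missing, points at the login page, or leaves the site
// (the last check is an assumption added here, not part of the comment).
function safeBackref(raw) {
    if (!raw) return "/";
    // Accept only absolute paths on this site: no scheme, no "//host", no "\".
    if (!raw.startsWith("/") || raw.startsWith("//") || raw.includes("\\")) return "/";
    let target;
    try {
        target = new URL(raw, BASE);
    } catch (e) {
        return "/";
    }
    // The URL parser strips tabs/newlines, so re-check the origin after parsing.
    if (target.origin !== BASE) return "/";
    // Compare the normalized path so "/./login.html" is caught as well.
    if (target.pathname === LOGIN_PATH) return "/";
    return target.pathname + target.search + target.hash;
}

// Constructed sample: a page URL that carries its own query parameters.
const SAMPLE = "/page.html?a=1&b=2";
console.log(readBackref(naiveLoginUrl(SAMPLE))); // backref is truncated at "&"
console.log(readBackref(loginUrl(SAMPLE)));      // backref survives intact
```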