jfarcand 2002/12/04 09:42:32
Modified: coyote/src/java/org/apache/coyote/tomcat5
CoyoteResponse.java
Log:
Fix for bugtraq 4772112: encodeURL does not encode the session with an empty URL (RFC 2396)
Revision Changes Path
1.15 +12 -6
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteResponse.java
Index: CoyoteResponse.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat5/CoyoteResponse.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- CoyoteResponse.java 3 Dec 2002 16:37:59 -0000 1.14
+++ CoyoteResponse.java 4 Dec 2002 17:42:31 -0000 1.15
@@ -1033,10 +1033,16 @@
* @param url URL to be encoded
*/
public String encodeURL(String url) {
-
- if (isEncodeable(toAbsolute(url))) {
+
+ String absolute = toAbsolute(url);
+ if (isEncodeable(absolute)) {
HttpServletRequest hreq =
(HttpServletRequest) request.getRequest();
+
+ // W3c spec clearly said
+ if (url.equalsIgnoreCase("")){
+ url = absolute;
+ }
return (toEncoded(url, hreq.getSession().getId()));
} else {
return (url);
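Review bot: The new comment `// W3c spec clearly said` in encodeURL breaks off before stating what the spec requires, so the reason an empty `url` is swapped for `absolute` is not recorded next to the code. Going by the commit log's reference to RFC 2396, it could read `// RFC 2396: an empty reference denotes the current document, so encode the absolute URL`. The emptiness test `url.equalsIgnoreCase("")` would be plainer as `url.length() == 0`, since case has no bearing on an empty string. Because an empty input now returns the full absolute URL with the session id appended, the Javadoc above the method should say so; that string can end up in markup, access logs and Referer headers. encodeURL's body continues past the end of the hunk.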