amyroh 2003/12/08 16:50:58 Modified: catalina/src/share/org/apache/catalina/realm RealmBase.java Log: Strip out uri parameters (";*") during filter mappings or security constraints matching - bugtraq 4903209. Revision Changes Path 1.18 +16 -4 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java Index: RealmBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm/RealmBase.java,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- RealmBase.java 2 Sep 2003 21:22:05 -0000 1.17 +++ RealmBase.java 9 Dec 2003 00:50:58 -0000 1.18 @@ -460,6 +460,18 @@ String contextPath = hreq.getContextPath(); if (contextPath.length() > 0) uri = uri.substring(contextPath.length()); + + if (uri != null) { + int semicolon = uri.indexOf(";"); + if (semicolon >= 0) { + String baseuri = uri.substring(0, semicolon); + if (debug >= 2) + log("Request uri '" + uri + "' treated as '" + baseuri + + "' for security constraint matching."); + uri = baseuri; + } + } + String method = hreq.getMethod(); for (int i = 0; i < constraints.length; i++) { if (log.isDebugEnabled())
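Review bot: `uri.indexOf(";")` cuts the URI at the first semicolon, so a parameter on a non-final segment (constructed example: `/a;x=1/b`) makes the constraint loop below compare `/a` instead of `/a/b`. If servlet mapping resolves such a request to `/a/b` (the mapper is not visible here, so this needs confirming), a constraint on `/a/b/*` would never be checked against the resource actually served. Removing each `;…` run only up to the next `/` keeps the later segments in the comparison, as in the fence below; ideally the check would reuse the exact path the mapper computed. The `uri != null` guard also comes after `uri.substring(...)` has already dereferenced `uri` for a non-empty context path, and the enclosing method starts and ends outside the hunk.

```java
if (uri != null) {
    String original = uri;
    int semicolon = uri.indexOf(';');
    while (semicolon >= 0) {
        // Drop only the parameter run of this segment; keep the following segments.
        int slash = uri.indexOf('/', semicolon);
        uri = (slash >= 0)
            ? uri.substring(0, semicolon) + uri.substring(slash)
            : uri.substring(0, semicolon);
        semicolon = uri.indexOf(';', semicolon);
    }
    // … unchanged: debug >= 2 log of the original and stripped uri (use `original`) …
}
```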