jfarcand 2002/12/04 09:43:05
Modified: coyote/src/java/org/apache/coyote/tomcat4
CoyoteResponse.java
Log:
Fix for bugtraq 4772112 encodeURL does not encode session with empty URL (rfc2396)
Revision Changes Path
1.30 +12 -6
jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteResponse.java
Index: CoyoteResponse.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/tomcat4/CoyoteResponse.java,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- CoyoteResponse.java 11 Nov 2002 11:01:04 -0000 1.29
+++ CoyoteResponse.java 4 Dec 2002 17:43:05 -0000 1.30
@@ -981,10 +981,16 @@
* @param url URL to be encoded
*/
public String encodeURL(String url) {
-
- if (isEncodeable(toAbsolute(url))) {
+
+ String absolute = toAbsolute(url);
+ if (isEncodeable(absolute)) {
HttpServletRequest hreq =
(HttpServletRequest) request.getRequest();
+
+ // W3c spec clearly said
+ if (url.equalsIgnoreCase("")){
+ url = absolute;
+ }
return (toEncoded(url, hreq.getSession().getId()));
} else {
return (url);
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
