amyroh 2003/12/08 16:50:28
Modified: catalina/src/share/org/apache/catalina/core
ApplicationFilterFactory.java
Log:
Strip out uri parameters (";*") during filter mappings or security constraints
matching - bugtraq 4903209.
Revision Changes Path
1.12 +7 -3
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationFilterFactory.java
Index: ApplicationFilterFactory.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationFilterFactory.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- ApplicationFilterFactory.java 2 Sep 2003 21:22:04 -0000 1.11
+++ ApplicationFilterFactory.java 9 Dec 2003 00:50:28 -0000 1.12
@@ -156,6 +156,10 @@
if (attribute != null){
requestPath = attribute.toString();
+ int semicolon = requestPath.indexOf(";");
+ if (semicolon >= 0) {
+ requestPath = requestPath.substring(0, semicolon);
+ }
}
HttpServletRequest hreq = null;
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
