Thanks for fixing this. Happy to help. On 3 May 2018 at 21:31, Mark Thomas <ma...@apache.org> wrote:
> On 03/05/18 20:17, Mark Thomas wrote: > > On 02/05/18 16:08, Dirk Ooms wrote: > >> Mark, > >> > >> you can reproduce it using the FormAuthentication example in the > >> examples (http://localhost:8080/examples/jsp/security/protected/) > >> > >> edit index.jsp > >> 1. add the line "RequestURI: <%= request.getRequestURI() %><br><br>" in > >> begin of body > >> 2. change the method of the form from GET to POST > >> > >> scenario: > >> 1. go to http://localhost:8080/examples/jsp/security/protected/ > >> 2. log in > >> 3. open second tab/window to same url > >> 4. log out in second tab/window > >> 5. go to initial window and submit form > >> 6. log in again > >> 7. observe the malformed requestURI > > > > Thanks for the reproduction steps. They were a huge help. > > > > This was introduced in 8.5.x with some refactoring that reduced copying > > between I/O buffers during request processing. Essentially, the saved > > request body was over-writing the cached bytes for the URI. > > Correction. It affects 8.0.x and earlier as well. > > I'll back port the fix for 8.0.x and 7.0.x. > > Mark > > > > > > I'll be committing a fix shortly which will be available in 9.0.9 and > > 8.5.32 onwards. > > > > Mark > > > > > >> > >> see also attached screenshots (if they make it to the mailing list). > >> > >> dirk > >> > >> > >> On 1 May 2018 at 16:20, Dirk Ooms <dir...@gmail.com > >> <mailto:dir...@gmail.com>> wrote: > >> > >> apologies for the incomplete info. it is tomcat 9.0.6 > >> > >> i will try to set up a test case and get back to you. > >> > >> dirk > >> > >> > >> On 1 May 2018 at 16:07, Mark Thomas <ma...@apache.org > >> <mailto:ma...@apache.org>> wrote: > >> > >> On 01/05/18 14:36, Dirk Ooms wrote: > >> > Hello, > >> > > >> > i did an upgrade from tomcat5.5 to tomcat9 and i'm using > j_security_check. > >> > > >> > in tomcat5.5 when a user was not logged in and he/she > requested a url, the > >> > login page was returned and after logging in the user was > given the > >> > requested resource. when i requested request.getRequestURI() > in my code the > >> > returned uri was correct for both GET and POST. > >> > > >> > in tomcat9 this is not the case anymore for POST (for GET > still ok). when i > >> > call request.getRequestURI() after the user is logged in, it > returns > >> > "chString" in my case, which is a part of the name of the > first form field > >> > ("searchString") of the original POST. > >> > > >> > any idea? am i missing something? > >> > >> The exact Tomcat 9 version. > >> > >> A test case that demonstrates the issue. > >> > >> Mark > >> > >> ------------------------------------------------------------ > --------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> <mailto:users-unsubscr...@tomcat.apache.org> > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> <mailto:users-h...@tomcat.apache.org> > >> > >> > >> > >> > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
