Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1409

sendRedirect to relative urls does not properly encode the current path

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 2.2.13.Final, 2.0.42.Final
    • 2.0.3.Final, 2.0.13.Final
    • Servlet
    • None

      When redirecting to a relative URL, the current URL is not correctly URL encoded. For example, take these redirections:

      16:59:31,245 INFO  [stdout] (default task-1) Request at /testredirect-1.0-SNAPSHOT/
      16:59:31,245 INFO  [stdout] (default task-1) Redirecting to: http://localhost:8080/testredirect-1.0-SNAPSHOT/invalid-%5B123%5D/main
      16:59:31,255 INFO  [stdout] (default task-1) Request at /testredirect-1.0-SNAPSHOT/invalid-%5B123%5D/main
      16:59:31,264 INFO  [stdout] (default task-1) Redirecting to: http://localhost:8080/testredirect-1.0-SNAPSHOT/invalid-[123]/subpath (using sendRedirect("./subpath"))
      16:59:31,265 INFO  [stdout] (default task-1) Request at /testredirect-1.0-SNAPSHOT/invalid-[123]/subpath
      

      The problem seems to be in io.undertow.servlet.spec.HttpServletResponseImpl.sendRedirect. Here String current = exchange.getRelativePath(); returns the path unencoded as '/invalid-[123]/'. This ends up in realPath and loc.

      I've attached a very simple example application that shows the erroneous redirect. Deploy this application and navigate to http://localhost:8080/testredirect-1.0-SNAPSHOT/.

              rhn-cservice-bbaranow Bartosz Baranowski
              papegaaij Emond Papegaaij
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: