Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 2.3.0.Final, 2.2.18.Final, 2.3.0.Alpha2
Affects Version/s: 2.2.17.Final
Component/s: Servlet
Labels:
- downstream_dependency

Git Pull Request:
https://github.com/undertow-io/undertow/pull/1319, https://github.com/undertow-io/undertow/pull/1337

If an app is bound to a context with a trailing slash:

<context-root>/app/</context-root>

Then relative redirects can be incorrect. For instance, if requesting /app/redirect.jsp then response.sendRedirect("newpage.jsp") would previously return a location of /app/newpage.jsp. But now it results in /app/redirect.jspnewpage.jsp.

That's because after ~~UNDERTOW-1409~~, this:

                    current = current.substring(0, lastSlash + 1);

Does not see a last slash and so does not modify the current string, meaning that this:

                realPath = CanonicalPathUtils.canonicalize(servletContext.getContextPath() + current + location);

ends up being called with values like /app/+redirect.jsp+newpage.jsp.

is caused by

UNDERTOW-1409 sendRedirect to relative urls does not properly encode the current path

Resolved

is incorporated by

JBEAP-23581 [GSS](7.4.z) UNDERTOW-2094 - Bad relative redirect is generated if app is mapped to trailing slash context

Closed

WFCORE-6057 Upgrade Undertow to 2.3.0.Final (CVE-2022-2764)

Closed

WFCORE-5946 Upgrade Undertow to 2.2.18.Final

Closed

Assignee:: Flavia Rainone

Reporter:: Aaron Ogburn

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/05/18 8:14 PM

Updated:: 2022/12/09 11:26 AM

Resolved:: 2022/06/14 5:52 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates