You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2019/01/13 13:33:23 UTC
svn commit: r1851201 - in /ofbiz/ofbiz-framework/branches/release18.12: ./
framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
Author: jleroux
Date: Sun Jan 13 13:33:23 2019
New Revision: 1851201
URL: http://svn.apache.org/viewvc?rev=1851201&view=rev
Log:
"Applied fix from trunk for revision: 1851200"
------------------------------------------------------------------------
r1851200 | jleroux | 2019-01-13 14:31:13 +0100 (dim. 13 janv. 2019) | 11 lignes
Reverted: Impossible secure and autologin cookie names when mountpoint contains
a slash inside its name
(OFBIZ-10766)
In my previous commit I reverted the initial change. As I said in the Jira
I had a second look and it's better to fix the problem at the root as I did
initially.
I wrote in my previous commit: "This method is used in other places where the
name should not be changed." I checked there are no issues changing slashes to
underscores in the cookies names anywhere.
------------------------------------------------------------------------
Modified:
ofbiz/ofbiz-framework/branches/release18.12/ (props changed)
ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
Propchange: ofbiz/ofbiz-framework/branches/release18.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sun Jan 13 13:33:23 2019
@@ -10,4 +10,4 @@
/ofbiz/branches/json-integration-refactoring:1634077-1635900
/ofbiz/branches/multitenant20100310:921280-927264
/ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158
+/ofbiz/ofbiz-framework/trunk:1850015,1850023,1850530,1850647,1850685,1850694,1850711,1850914,1850918,1850921,1850948,1850953,1851006,1851013,1851068,1851074,1851130,1851158,1851200
Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java?rev=1851201&r1=1851200&r2=1851201&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java Sun Jan 13 13:33:23 2019
@@ -668,7 +668,7 @@ public final class UtilHttp {
if (request.getContextPath().length() > 1) {
appName = request.getContextPath().substring(1);
}
- return appName;
+ return appName.replaceAll("/","_");
}
public static void setInitialRequestInfo(HttpServletRequest request) {
Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1851201&r1=1851200&r2=1851201&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java Sun Jan 13 13:33:23 2019
@@ -932,7 +932,7 @@ public class LoginWorker {
Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
- autoLoginCookie.setPath("/" + applicationName.replaceAll("/","_"));
+ autoLoginCookie.setPath("/" + applicationName);
autoLoginCookie.setSecure(true);
autoLoginCookie.setHttpOnly(true);
response.addCookie(autoLoginCookie);
@@ -952,7 +952,7 @@ public class LoginWorker {
Cookie securedLoginIdCookie = new Cookie(getSecuredLoginIdCookieName(request), userLogin.getString("userLoginId"));
securedLoginIdCookie.setMaxAge(-1);
securedLoginIdCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
- securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request).replaceAll("/","_"));
+ securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request));
securedLoginIdCookie.setSecure(true);
securedLoginIdCookie.setHttpOnly(true);
response.addCookie(securedLoginIdCookie);