You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2019/01/07 20:37:10 UTC
svn commit: r1850685 - in /ofbiz/ofbiz-framework/trunk/framework:
base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
Author: jleroux
Date: Mon Jan 7 20:37:10 2019
New Revision: 1850685
URL: http://svn.apache.org/viewvc?rev=1850685&view=rev
Log:
Fixed: Impossible secure and autologin cookie names when mountpoint contains a
slash inside its name
(OFBIZ-10766)
My previous commit was wrong this one fixes it.
I made a mistake trying to generalise changing UtilHttp::getApplicationName.
This method is used in other places where the name should not be changed.
Only cookies are concerned.
Modified:
ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java?rev=1850685&r1=1850684&r2=1850685&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java Mon Jan 7 20:37:10 2019
@@ -668,7 +668,7 @@ public final class UtilHttp {
if (request.getContextPath().length() > 1) {
appName = request.getContextPath().substring(1);
}
- return appName.replaceAll("/","_");
+ return appName;
}
public static void setInitialRequestInfo(HttpServletRequest request) {
Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1850685&r1=1850684&r2=1850685&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java Mon Jan 7 20:37:10 2019
@@ -928,7 +928,7 @@ public class LoginWorker {
Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
- autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request));
+ autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request).replaceAll("/","_"));
autoLoginCookie.setSecure(true);
autoLoginCookie.setHttpOnly(true);
response.addCookie(autoLoginCookie);
@@ -948,7 +948,7 @@ public class LoginWorker {
Cookie securedLoginIdCookie = new Cookie(getSecuredLoginIdCookieName(request), userLogin.getString("userLoginId"));
securedLoginIdCookie.setMaxAge(-1);
securedLoginIdCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
- securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request));
+ securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request).replaceAll("/","_"));
securedLoginIdCookie.setSecure(true);
securedLoginIdCookie.setHttpOnly(true);
response.addCookie(securedLoginIdCookie);