You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by am...@apache.org on 2003/12/09 01:50:28 UTC

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core ApplicationFilterFactory.java

amyroh      2003/12/08 16:50:28

  Modified:    catalina/src/share/org/apache/catalina/core
                        ApplicationFilterFactory.java
  Log:
  Strip out uri parameters (";*") during filter mappings or security constraints matching - bugtraq 4903209.
  
  Revision  Changes    Path
  1.12      +7 -3      jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationFilterFactory.java
  
  Index: ApplicationFilterFactory.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationFilterFactory.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- ApplicationFilterFactory.java	2 Sep 2003 21:22:04 -0000	1.11
  +++ ApplicationFilterFactory.java	9 Dec 2003 00:50:28 -0000	1.12
  @@ -156,6 +156,10 @@
           
           if (attribute != null){
               requestPath = attribute.toString();
  +            int semicolon = requestPath.indexOf(";");
  +            if (semicolon >= 0) {
  +                requestPath = requestPath.substring(0, semicolon);
  +            }
           }
           
           HttpServletRequest hreq = null;
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org