Posted to dev@tomcat.apache.org by am...@apache.org on 2003/12/09 01:50:28 UTC
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core ApplicationFilterFactory.java
amyroh 2003/12/08 16:50:28
Modified: catalina/src/share/org/apache/catalina/core
ApplicationFilterFactory.java
Log:
Strip out uri parameters (";*") during filter mappings or security constraints matching - bugtraq 4903209.
Revision Changes Path
1.12 +7 -3 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationFilterFactory.java
Index: ApplicationFilterFactory.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationFilterFactory.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- ApplicationFilterFactory.java 2 Sep 2003 21:22:04 -0000 1.11
+++ ApplicationFilterFactory.java 9 Dec 2003 00:50:28 -0000 1.12
@@ -156,6 +156,10 @@
if (attribute != null){
requestPath = attribute.toString();
+ int semicolon = requestPath.indexOf(";");
+ if (semicolon >= 0) {
+ requestPath = requestPath.substring(0, semicolon);
+ }
}
HttpServletRequest hreq = null;
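Review bot: Cutting `requestPath` at the first `;` discards every later path segment along with the parameter, so a path like `/a;x=1/b` (constructed example) is matched against the filter mappings as `/a` instead of `/a/b`, and a filter mapped to the deeper path would not be applied. Path parameters may appear in any segment, so the strip should remove `;...` only up to the next `/` in each segment, and the result should agree with the path the container uses to select the servlet, which is not visible in this hunk. The log message also mentions security constraint matching, but only the filter-factory side is shown here, so the same per-segment handling is worth confirming there. The enclosing method starts and ends outside the hunk.

```java
requestPath = attribute.toString();
// Drop ";params" from each segment rather than everything after the first ';'
StringBuffer stripped = new StringBuffer(requestPath.length());
int pos = 0;
while (pos < requestPath.length()) {
    int semicolon = requestPath.indexOf(';', pos);
    if (semicolon < 0) {
        stripped.append(requestPath.substring(pos));
        break;
    }
    stripped.append(requestPath.substring(pos, semicolon));
    int slash = requestPath.indexOf('/', semicolon);
    if (slash < 0) {
        break;
    }
    pos = slash;
}
requestPath = stripped.toString();
// … unchanged: closing brace of the attribute check, hreq declaration …
```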