
Validate contextPath in RedirectView

Issue: SPR-16752
pull/1804/head
Rossen Stoyanchev 7 years ago
parent
commit
de18d96413
  1. 10
      spring-webmvc/src/main/java/org/springframework/web/servlet/view/RedirectView.java
  2. 23
      spring-webmvc/src/test/java/org/springframework/web/servlet/view/RedirectViewTests.java

10
spring-webmvc/src/main/java/org/springframework/web/servlet/view/RedirectView.java

@ -329,7 +329,7 @@ public class RedirectView extends AbstractUrlBasedView implements SmartView { @@ -329,7 +329,7 @@ public class RedirectView extends AbstractUrlBasedView implements SmartView {
if (this.contextRelative && getUrl().startsWith("/")) {
// Do not apply context path to relative URLs.
targetUrl.append(request.getContextPath());
targetUrl.append(getContextPath(request));
}
targetUrl.append(getUrl());
@ -355,6 +355,14 @@ public class RedirectView extends AbstractUrlBasedView implements SmartView { @@ -355,6 +355,14 @@ public class RedirectView extends AbstractUrlBasedView implements SmartView {
return targetUrl.toString();
}
private String getContextPath(HttpServletRequest request) {
String contextPath = request.getContextPath();
while (contextPath.startsWith("//")) {
contextPath = contextPath.substring(1);
}
return contextPath;
}
/**
* Replace URI template variables in the target URL with encoded model
* attributes or URI variables from the current request. Model attributes
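Review bot: The new `getContextPath(HttpServletRequest)` helper in the second hunk trims a run of leading slashes down to one, so an input made up only of slashes comes back as `/`; the first hunk then appends a URL that itself starts with `/`, and the target would begin with `//` again. Whether a servlet container can ever report such a context path is not visible on this page, so this is a boundary to confirm rather than a demonstrated defect; if it is reachable, `if ("/".equals(contextPath)) { contextPath = ""; }` before the return would close it. The helper also carries no comment, and the reason for the loop is presumably that a target starting with `//` is read by browsers as a scheme-relative URL; a line such as `// Collapse leading "//" so the redirect target is not read as a scheme-relative URL (SPR-16752)` above the loop would keep that from being lost in a later cleanup. The method changed in the first hunk starts outside the visible lines.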

23
spring-webmvc/src/test/java/org/springframework/web/servlet/view/RedirectViewTests.java

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 the original author or authors.
* Copyright 2002-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -172,9 +172,7 @@ public class RedirectViewTests { @@ -172,9 +172,7 @@ public class RedirectViewTests {
request.setAttribute(DispatcherServlet.WEB_APPLICATION_CONTEXT_ATTRIBUTE, wac);
given(mockProcessor.processUrl(request, "/path")).willReturn("/path?key=123");
rv.render(new ModelMap(), request, response);
verify(mockProcessor).processUrl(request, "/path");
}
@ -196,9 +194,7 @@ public class RedirectViewTests { @@ -196,9 +194,7 @@ public class RedirectViewTests {
rv.setUrl("/path");
given(mockProcessor.processUrl(request, "/path")).willReturn("/path?key=123");
rv.render(new ModelMap(), request, response);
verify(mockProcessor).processUrl(request, "/path");
}
finally {
@ -206,9 +202,7 @@ public class RedirectViewTests { @@ -206,9 +202,7 @@ public class RedirectViewTests {
}
}
// SPR-13693
@Test
@Test // SPR-13693
public void remoteHost() throws Exception {
RedirectView rv = new RedirectView();
@ -224,6 +218,19 @@ public class RedirectViewTests { @@ -224,6 +218,19 @@ public class RedirectViewTests {
}
@Test // SPR-16752
public void contextRelativeWithValidatedContextPath() throws Exception {
String url = "/myUrl";
this.request.setContextPath("//context");
this.response = new MockHttpServletResponse();
doTest(new HashMap<>(), url, true, "/context" + url);
this.request.setContextPath("///context");
this.response = new MockHttpServletResponse();
doTest(new HashMap<>(), url, true, "/context" + url);
}
@Test
public void emptyMap() throws Exception {
String url = "/myUrl";
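Review bot: `contextRelativeWithValidatedContextPath` exercises only `//context` and `///context`, so the edges of the new normalisation are not pinned: a context path that needs no change, and one consisting only of slashes. I would add a `doTest` call after `this.request.setContextPath("/context")` expecting `"/context" + url`, unless another test in the class already covers it, and decide explicitly what the all-slash case should produce. Running the two existing scenarios as separate test methods would also keep a failure in the first from hiding the second.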
