Sean Busbey created HBASE-17560:
-----------------------------------
Summary: HMaster redirect should sanity check user input
Key: HBASE-17560
URL: https://issues.apache.org/jira/browse/HBASE-17560
Project: HBase
Issue Type: Bug
Components: master, security, UI
Reporter: Sean Busbey
We should do some sanity checking on the user provided data before we blindly
pass it to a redirect.
i.e.
{code}
public static class RedirectServlet extends HttpServlet {
private static final long serialVersionUID = 2894774810058302472L;
private static int regionServerInfoPort;
@Override
public void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
String redirectUrl = request.getScheme() + "://"
+ request.getServerName() + ":" + regionServerInfoPort
+ request.getRequestURI();
response.sendRedirect(redirectUrl);
}
}
{code}
e.g.
* Are we reidrecting to a server that is ours?
* Did we validate the path/query string?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
