[ https://issues.apache.org/jira/browse/SHIRO-509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14945659#comment-14945659 ]

Mark Hale commented on SHIRO-509:
---------------------------------

Yep

> WebUtils.decodeAndCleanUriString incorrectly handles matrix parameters
> ----------------------------------------------------------------------
>
>                 Key: SHIRO-509
>                 URL: https://issues.apache.org/jira/browse/SHIRO-509
>             Project: Shiro
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 1.2.2
>         Environment: Webapp deployment in Jetty
>            Reporter: Mark Hale
>
> If I config a web filter (say anon) for a path /**/public and make a request 
> to /mystuff;filter=toys/prices/public the filter is not triggered because 
> WebUtils.decodeAndCleanUriString() removes everything after the ';' (so it 
> only tries to match on /mystuff). The fix is to change
>         int semicolonIndex = uri.indexOf(';');
> to
>         int lastSlash = uri.lastIndexOf('/');
>         int semicolonIndex = uri.lastIndexOf(';');
> if(semicolonIndex > lastSlash) then drop trailing matrix params. So that 
> matrix params in parent path segments are left intact.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
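
The cleaning behaviour described in the report, next to the reporter's proposed change, run over a few paths. This is an added example, not Shiro source and not code from the reporter; the class and method names are hypothetical, the sample paths other than the one quoted in the report are constructed, and `stripEverySegment` is a generalisation that goes beyond the report's proposal.

```java
import java.util.Arrays;
import java.util.stream.Collectors;

// Added illustration, not Shiro source; class and method names are hypothetical.
public class MatrixParamCleanDemo {

    // Behaviour described in the report: truncate at the first ';'.
    static String cutAtFirstSemicolon(String uri) {
        int semicolonIndex = uri.indexOf(';');
        return semicolonIndex != -1 ? uri.substring(0, semicolonIndex) : uri;
    }

    // Reporter's proposal: drop only matrix params that trail the last segment.
    static String cutTrailingOnly(String uri) {
        int lastSlash = uri.lastIndexOf('/');
        int semicolonIndex = uri.lastIndexOf(';');
        return semicolonIndex > lastSlash ? uri.substring(0, semicolonIndex) : uri;
    }

    // Generalisation (assumption, not from the report): strip the matrix
    // params of every segment and keep the segment names themselves.
    static String stripEverySegment(String uri) {
        return Arrays.stream(uri.split("/", -1))
                .map(seg -> seg.indexOf(';') < 0 ? seg : seg.substring(0, seg.indexOf(';')))
                .collect(Collectors.joining("/"));
    }

    public static void main(String[] args) {
        // Constructed sample paths; the first is the one quoted in the report.
        String[] samples = {
            "/mystuff;filter=toys/prices/public",
            "/mystuff/prices/public;v=1",
            "/mystuff/prices/public;v=1;w=2",
            "/mystuff/prices/public"
        };
        for (String uri : samples) {
            System.out.printf("%-38s first=%-24s trailing=%-38s every=%s%n", uri,
                    cutAtFirstSemicolon(uri), cutTrailingOnly(uri), stripEverySegment(uri));
        }
    }
}
```

With the third sample, `cutTrailingOnly` removes only the final `;w=2` because it uses `lastIndexOf(';')`, so a last segment carrying more than one matrix parameter is not fully cleaned. Whichever variant is used, the path the security filter matches on should be the same path the container routes on.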
