This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new c5a45ae68d Fix slash handling for path parameters (schultz)
c5a45ae68d is described below
commit c5a45ae68d07f7a07be2a875e5b6772d66c4e5d0
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Mar 12 11:50:51 2026 +0000
Fix slash handling for path parameters (schultz)
---
.../catalina/valves/LoadBalancerDrainingValve.java | 27 ++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java
b/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java
index 756cc48fd1..2d95eb2a7e 100644
--- a/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java
+++ b/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java
@@ -208,11 +208,11 @@ public class LoadBalancerDrainingValve extends ValveBase {
response.addCookie(sessionCookie);
}
+ String uri = collapseLeadingSlashes(request.getRequestURI());
// Re-write the URI if it contains a ;jsessionid parameter
- String uri = request.getRequestURI();
String sessionURIParamName =
SessionConfig.getSessionUriParamName(request.getContext());
if (uri.contains(";" + sessionURIParamName + "=")) {
- uri = uri.replaceFirst(";" + sessionURIParamName + "=[^&?]*",
"");
+ uri = uri.replaceFirst(";" + sessionURIParamName + "=[^;/]*",
"");
}
String queryString = request.getQueryString();
@@ -229,4 +229,27 @@ public class LoadBalancerDrainingValve extends ValveBase {
getNext().invoke(request, response);
}
}
+
+ private static String collapseLeadingSlashes(String s) {
+ final int len = s.length();
+ int i = 0;
+
+ // Find the last consecutive / character
+ while (i < len && s.charAt(i) == '/') {
+ i++;
+ }
+
+ // No leading slashes
+ if (i == 0) {
+ return s;
+ }
+
+ // Nothing but slashes
+ if (i == len) {
+ return "/";
+ }
+
+ // Multiple; remove all but one
+ return s.substring(i - 1);
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
