Ard Schrijvers pushed to branch release/3.1 at cms / hippo-cms

Commits:
f898c267 by Ard Schrijvers at 2016-02-12T15:38:32+01:00
CMS-9930 [Backport 3.1.5] if the redirect equals './', append a '?' to avoid an 
empty location header in case of a 302. See the explanation for this in the 
jira issue

- - - - -


1 changed file:

- engine/src/main/java/org/hippoecm/frontend/Main.java


Changes:

=====================================
engine/src/main/java/org/hippoecm/frontend/Main.java
=====================================
--- a/engine/src/main/java/org/hippoecm/frontend/Main.java
+++ b/engine/src/main/java/org/hippoecm/frontend/Main.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2008-2015 Hippo B.V. (http://www.onehippo.com)
+ *  Copyright 2008-2016 Hippo B.V. (http://www.onehippo.com)
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -81,6 +81,7 @@ import 
org.apache.wicket.resource.loader.IStringResourceLoader;
 import org.apache.wicket.settings.IExceptionSettings;
 import org.apache.wicket.settings.IResourceSettings;
 import org.apache.wicket.util.IContextProvider;
+import org.apache.wicket.util.lang.Args;
 import org.apache.wicket.util.lang.Bytes;
 import org.apache.wicket.util.resource.IResourceStream;
 import org.apache.wicket.util.string.StringValue;
@@ -651,17 +652,20 @@ public class Main extends PluginApplication {
         }
 
         @Override
-        public void sendRedirect(final String url) {
+        public void sendRedirect(String url) {
+            Args.notNull(url, "url");
             if (containsCRorLF(url)) {
                 throw new IllegalArgumentException("CR or LF detected in 
redirect URL: possible http response splitting attack");
             }
+
+            if (url.equals("./")) {
+                url += "?";
+            }
+
             super.sendRedirect(url);
         }
 
         private boolean containsCRorLF(String s) {
-            if (null == s) {
-                return false;
-            }
 
             int length = s.length();
 
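Review bot: the `./` to `./?` rewrite in `sendRedirect` has no in-code explanation; the commit message defers to the Jira issue (CMS-9930), so a reader of Main.java will not see why a bare `./` produces an empty Location header on a 302. Suggest a one-line comment above `if (url.equals("./"))` stating that reason. Note also that this hunk changes null handling: `containsCRorLF` used to return `false` for a null argument and the null then reached `super.sendRedirect(url)`, whereas `Args.notNull(url, "url")` now throws `IllegalArgumentException` before that call; if any caller can pass null, that behavioural change deserves a mention in the message. Dropping `final` from the parameter is required for the `url += "?"` reassignment, and keeping that rewrite after the CR/LF check is the right order, since the appended `?` is then covered by the same validation.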



View it on GitLab: 
https://code.onehippo.org/cms/hippo-cms/commit/f898c26776befb6c41b8addfa7406fb3f218c60b
_______________________________________________
Hippocms-svn mailing list
Hippocms-svn@lists.onehippo.org
https://lists.onehippo.org/mailman/listinfo/hippocms-svn