Ard Schrijvers pushed to branch release/3.1 at cms / hippo-cms
Commits: f898c267 by Ard Schrijvers at 2016-02-12T15:38:32+01:00 CMS-9930 [Backport 3.1.5] if the redirect equals './', append a '?' to avoid an empty location header in case of a 302. See the explanation for this in the jira issue - - - - - 1 changed file: - engine/src/main/java/org/hippoecm/frontend/Main.java Changes: ===================================== engine/src/main/java/org/hippoecm/frontend/Main.java =====================================
--- a/engine/src/main/java/org/hippoecm/frontend/Main.java
+++ b/engine/src/main/java/org/hippoecm/frontend/Main.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2015 Hippo B.V. (http://www.onehippo.com)
+ * Copyright 2008-2016 Hippo B.V. (http://www.onehippo.com)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -81,6 +81,7 @@ import org.apache.wicket.resource.loader.IStringResourceLoader;
 import org.apache.wicket.settings.IExceptionSettings;
 import org.apache.wicket.settings.IResourceSettings;
 import org.apache.wicket.util.IContextProvider;
+import org.apache.wicket.util.lang.Args;
 import org.apache.wicket.util.lang.Bytes;
 import org.apache.wicket.util.resource.IResourceStream;
 import org.apache.wicket.util.string.StringValue;
@@ -651,17 +652,20 @@ public class Main extends PluginApplication {
 }
 @Override
- public void sendRedirect(final String url) {
+ public void sendRedirect(String url) {
+ Args.notNull(url, "url");
 if (containsCRorLF(url)) {
 throw new IllegalArgumentException("CR or LF detected in redirect URL: possible http response splitting attack");
 }
+
+ if (url.equals("./")) {
+ url += "?";
+ }
+
 super.sendRedirect(url);
 }
 private boolean containsCRorLF(String s) {
- if (null == s) {
- return false;
- }
 int length = s.length();
View it on GitLab: https://code.onehippo.org/cms/hippo-cms/commit/f898c26776befb6c41b8addfa7406fb3f218c60b
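Review bot: The `./` special case in `sendRedirect` has no comment, so the reason for appending `?` is recorded only in the commit message and the jira issue; a why-comment above the `if` would keep a later cleanup from removing it, e.g. `// CMS-9930: a redirect to "./" can produce an empty Location header on a 302, so send "./?" instead`. The match is an exact string comparison, and whether other relative forms can produce the same empty header is not visible from this hunk. Separately, `containsCRorLF` now dereferences `s` without its own null guard and depends on the `Args.notNull` call in `sendRedirect`; its body continues outside the hunk and any other callers are not shown, so a short comment stating the non-null precondition on that helper would make the dependency explicit.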