
Revision 1717212


Author: markt
Date: Mon Nov 30 09:27:41 2015 UTC (8 years, 5 months ago)
Changed paths: 6
Log Message:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58660
With mapperContextRootRedirectEnabled set to false, the redirect needs to be handled elsewhere.
- Ensure the Mapper does not add the '/' handling the redirect
- Handle the redirect in the DefaultServlet
- Add a redirect to FORM auth if auth is occurring at the context root else the login page could be submitted to the wrong web application
This is part 2 of 2 of the fix for CVE-2015-5345

Changed paths

Path  Details
tomcat/tc7.0.x/trunk/  modified, props changed
tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java  modified, text changed
tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java  modified, text changed
tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java  modified, text changed
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java  modified, text changed
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml  modified, text changed
