
Revision 1716882


Author: markt
Date: Fri Nov 27 14:52:27 2015 UTC (3 years, 10 months ago)
Changed paths: 3
Log Message:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58660
With mapperContextRootRedirectEnabled set to false, the redirect needs to be handled elsewhere.
- Ensure the Mapper does not add the '/'
- Handle the redirect in the DefaultServlet
- Add a redirect to FORM auth if auth is occurring at the context root else the login page could be submitted to the wrong web application
This is part 2 of 3 of the fix for CVE-2015-5345

Changed paths

Path Details
tomcat/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java    modified, text changed
tomcat/trunk/java/org/apache/catalina/mapper/Mapper.java    modified, text changed
tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java    modified, text changed
