ViewVC logotype

Revision 1717212

Jump to revision: Previous Next
Author: markt
Date: Mon Nov 30 09:27:41 2015 UTC (3 years, 10 months ago)
Changed paths: 6
Log Message:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58660
With mapperContextRootRedirectEnabled ste to false, the redirect needs to be handled elsewhere.
- Ensure the Mapper does not add the '/' handling the redirect
- Handle the redirect in the DefaultServlet
- Add a redirect to FORM auth if auth is occurring at the context root else the login page could be submitted to the wrong web application
This is part 2 of 2 of the fix for CVE-2015-5345

Changed paths

Path Details
Directorytomcat/tc7.0.x/trunk/ modified , props changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java modified , text changed
Directorytomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java modified , text changed
Directorytomcat/tc7.0.x/trunk/webapps/docs/changelog.xml modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26