/[Apache-SVN]
ViewVC logotype

Revision 1717216


Jump to revision: Previous Next
Author: markt
Date: Mon Nov 30 09:35:25 2015 UTC (3 years, 10 months ago)
Changed paths: 5
Log Message:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58660
With mapperContextRootRedirectEnabled ste to false, the redirect needs to be handled elsewhere.
- Ensure the Mapper does not add the '/' handling the redirect
- Handle the redirect in the DefaultServlet
- Add a redirect to FORM auth if auth is occurring at the context root else the login page could be submitted to the wrong web application
This is part 2 of 2 of the fix for CVE-2015-5345

Changed paths

Path Details
Directorytomcat/tc6.0.x/trunk/ modified , props changed
Directorytomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java modified , text changed
Directorytomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java modified , text changed
Directorytomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/WebdavServlet.java modified , text changed
Directorytomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/mapper/Mapper.java modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26