From 4f5c512d753e9c127bf0ce22feff34e369b79e16 Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Mon, 3 May 2010 10:37:13 +0000
Subject: [PATCH] 291448 encodeRedirectURL only encodes absolute URLs to same host/port/context
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@1644 7e9141cc-0065-0410-87d8-b60c137991c4
---
 VERSION.txt | 3 +-
 .../org/eclipse/jetty/server/Response.java | 33 ++++++++++++++-----
 .../eclipse/jetty/server/ResponseTest.java | 18 ++++++++--
 3 files changed, 42 insertions(+), 12 deletions(-)
diff --git a/VERSION.txt b/VERSION.txt
index c9814c1a2b8..6bd3863b261 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1,5 +1,7 @@
 jetty-7.1.0.RC1-SNAPSHOT
+ + 291448 encodeRedirectURL only encodes absolute URLs to same host/port/context
+ + 297104 HTTP CONNECT does not work correct with SSL destinations
 + 308848 Update test suite to JUnit4 - Module jetty-ajp
 + 308861 Update test suite to JUnit4 - Module jetty-security
 + 308868 Update test suite to JUnit4 - Module jetty-websocket
@@ -10,7 +12,6 @@ jetty-7.1.0.RC1-SNAPSHOT
 + 310703 Update test suite to JUnit4 - Module tests/test-integration
 + 310918 Synchronize content exchange
 + 311154 Use Appendable in preference to StringBuilder/StringBuffer in APIs
- + 297104 HTTP CONNECT does not work correct with SSL destinations
 + 308865 Update test suite to JUnit4 - Module jetty-start
 jetty-7.1.0.RC0 27 April 2010
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java b/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
index 3ca74a09417..964a53f7c82 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
@@ -30,6 +30,7 @@ import org.eclipse.jetty.http.HttpFields; import org.eclipse.jetty.http.HttpGenerator; import org.eclipse.jetty.http.HttpHeaderValues; import org.eclipse.jetty.http.HttpHeaders; +import org.eclipse.jetty.http.HttpSchemes; import org.eclipse.jetty.http.HttpStatus; import org.eclipse.jetty.http.HttpURI; import org.eclipse.jetty.http.HttpVersions; @@ -221,30 +222,44 @@ public class Response implements HttpServletResponse } /* ------------------------------------------------------------ */ - /* - * @see javax.servlet.http.HttpServletResponse#encodeRedirectURL(java.lang.String) + /** + * Encode Redirect URL. + *

This method differs from {@link #encodeURL(String)}, in that it only encodes + * relative URLs or absolute URLs to the same host/port/contextPath as the request. */ public String encodeRedirectURL(String url) { + if (URIUtil.hasScheme(url)) + { + HttpURI uri = new HttpURI(url); + Request request=_connection.getRequest(); + int port=uri.getPort(); + if (port<0) + port = HttpSchemes.HTTPS.equalsIgnoreCase(uri.getScheme())?443:80; + if (request.getServerName().equalsIgnoreCase(uri.getHost()) && + request.getServerPort()==port && + uri.getPath().startsWith(request.getContextPath())) + + return encodeURL(url); + return url; + } + + return encodeURL(url); } /* ------------------------------------------------------------ */ - /* - * @see javax.servlet.http.HttpServletResponse#encodeUrl(java.lang.String) - */ + @Deprecated public String encodeUrl(String url) { return encodeURL(url); } /* ------------------------------------------------------------ */ - /* - * @see javax.servlet.http.HttpServletResponse#encodeRedirectUrl(java.lang.String) - */ + @Deprecated public String encodeRedirectUrl(String url) { - return encodeURL(url); + return encodeRedirectURL(url); } /* ------------------------------------------------------------ */ diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java index 6028467144a..5298e2a87e9 100644 --- a/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java +++ b/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java 
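Review bot: The context check in `encodeRedirectURL`, `uri.getPath().startsWith(request.getContextPath())`, is a plain string prefix match, so with a context path of `/path` an absolute URL to `/pathother/...` on the same host and port still counts as the same context and gets the session id rewritten into it. Since the change exists to keep the session id out of redirects that leave the application, the comparison should stop at a segment boundary, e.g. `String path=uri.getPath(), ctx=request.getContextPath();` followed by `path!=null && (path.equals(ctx) || path.startsWith(ctx+"/"))`. The null guard matters as well: if `HttpURI.getPath()` returns null for an authority-only URL such as `http://myhost:8888` (not visible in this hunk, worth confirming), the current line throws instead of returning the URL unencoded. The blank line between the unbraced `if (...)` condition and its `return encodeURL(url);` also makes the branch easy to misread, so braces around both returns would help.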
@@ -325,8 +325,11 @@ public class ResponseTest extends TestCase
 HttpConnection connection=new HttpConnection(connector,new ByteArrayEndPoint(), connector.getServer());
 Response response = new Response(connection);
 Request request = connection.getRequest();
+ request.setServerName("myhost");
+ request.setServerPort(8888);
+ request.setContextPath("/path");
- assertEquals("http://host:port/path/info;param?query=0&more=1#target",response.encodeRedirectUrl("http://host:port/path/info;param?query=0&more=1#target"));
+ assertEquals("http://myhost:8888/path/info;param?query=0&more=1#target",response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target"));
 request.setRequestedSessionId("12345");
 request.setRequestedSessionIdFromCookie(false);
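Review bot: After this change no assertion in the hunk calls `encodeRedirectURL` with a URL that matches the request's host, port and context, so the branch that should keep encoding same-application redirects is never exercised; the replaced assertion now goes through `encodeURL` instead. The same gap is in the hunk at line 338, where `encodeRedirectURL` is only checked against the three non-matching URLs. I would add `assertEquals("http://myhost:8888/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://myhost:8888/path/info;param?query=0&more=1#target"));` here, and the `;jsessionid=12345` counterpart after the session is set up in the later hunk. The test method starts before this hunk and ends in the next one.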
@@ -335,8 +338,19 @@ public class ResponseTest extends TestCase
 request.setSessionManager(manager);
 request.setSession(new TestSession(manager,"12345"));
- assertEquals("http://host:port/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeRedirectUrl("http://host:port/path/info;param?query=0&more=1#target"));
+ assertEquals("http://myhost:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/path/info;param?query=0&more=1#target"));
+
+ assertEquals("http://other:8888/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://other:8888/path/info;param?query=0&more=1#target"));
+ assertEquals("http://other:8888/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://other:8888/path/info;param?query=0&more=1#target"));
+
+ assertEquals("http://myhost/path/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost/path/info;param?query=0&more=1#target"));
+ assertEquals("http://myhost/path/info;param?query=0&more=1#target",response.encodeRedirectURL("http://myhost/path/info;param?query=0&more=1#target"));
+ assertEquals("http://myhost:8888/other/info;param;jsessionid=12345?query=0&more=1#target",response.encodeURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
+ assertEquals("http://myhost:8888/other/info;param?query=0&more=1#target",response.encodeRedirectURL("http://myhost:8888/other/info;param?query=0&more=1#target"));
+
+
+
 }
 public void testSetBufferSize ()
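Review bot: The added assertion for `http://other:8888/...` pins `encodeURL` appending `;jsessionid=12345` to a URL on a different host, which reads as intended behaviour but is exactly the session-id disclosure that `encodeRedirectURL` now avoids. A comment above that pair would stop it being taken for an oversight, for example `// encodeURL does not compare host/port/context; only encodeRedirectURL withholds the session id from foreign URLs`. Boundary cases are also missing from the new assertions: a sibling context such as `/pathother/info` and an `https://myhost/...` URL with no explicit port would document how the prefix and default-port logic behave.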