Alternate resolution of #7615 (#7763)

+ use presence of scheme to gate parsing as HttpURI Signed-off-by: Greg Wilkins <gregw@webtide.com>
2022-03-21 14:54:56 +01:00 · 2022-03-21 14:54:56 +01:00 · 9c30caf247
parent f7d0bb455c
commit 9c30caf247
2 changed files with 19 additions and 16 deletions
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
@ -321,6 +321,9 @@ public class Response implements HttpServletResponse
    @Override
    public String encodeURL(String url)
    {
+        if (url == null)
+            return null;
+
        final Request request = _channel.getRequest();
        SessionHandler sessionManager = request.getSessionHandler();

@ -328,7 +331,8 @@ public class Response implements HttpServletResponse
            return url;

        HttpURI uri = null;
-        if (sessionManager.isCheckingRemoteSessionIdEncoding() && URIUtil.hasScheme(url))
+        boolean hasScheme = URIUtil.hasScheme(url);
+        if (sessionManager.isCheckingRemoteSessionIdEncoding() && hasScheme)
        {
            uri = new HttpURI(url);
            String path = uri.getPath();
@ -350,9 +354,6 @@ public class Response implements HttpServletResponse
        if (sessionURLPrefix == null)
            return url;

-        if (url == null)
-            return null;
-
        // should not encode if cookies in evidence
        if ((sessionManager.isUsingCookies() && request.isRequestedSessionIdFromCookie()) || !sessionManager.isUsingURLs())
        {
@ -383,9 +384,6 @@ public class Response implements HttpServletResponse

        String id = sessionManager.getExtendedId(session);

-        if (uri == null)
-            uri = new HttpURI(url);
-
        // Already encoded
        int prefix = url.indexOf(sessionURLPrefix);
        if (prefix != -1)
@ -400,20 +398,24 @@ public class Response implements HttpServletResponse
                url.substring(suffix);
        }

+        // check for a null path
+        String nonNullPath = "";
+        if (hasScheme)
+        {
+            if (uri == null)
+                uri = new HttpURI(url);
+            if (uri.getPath() == null)
+                nonNullPath = "/";
+        }
+
        // edit the session
        int suffix = url.indexOf('?');
        if (suffix < 0)
            suffix = url.indexOf('#');
        if (suffix < 0)
-        {
-            return url +
-                ((HttpScheme.HTTPS.is(uri.getScheme()) || HttpScheme.HTTP.is(uri.getScheme())) && uri.getPath() == null ? "/" : "") + //if no path, insert the root path
-                sessionURLPrefix + id;
-        }
+            return url + nonNullPath + sessionURLPrefix + id;

-        return url.substring(0, suffix) +
-            ((HttpScheme.HTTPS.is(uri.getScheme()) || HttpScheme.HTTP.is(uri.getScheme())) && uri.getPath() == null ? "/" : "") + //if no path so insert the root path
-            sessionURLPrefix + id + url.substring(suffix);
+        return url.substring(0, suffix) + nonNullPath + sessionURLPrefix + id + url.substring(suffix);
    }

    @Override
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java
@ -1520,7 +1520,7 @@ public class ResponseTest
    }

    @Test
-    public void testEncodeRedirect()
+    public void testEncodeURLs()
        throws Exception
    {
        Response response = getResponse();
@ -1570,6 +1570,7 @@ public class ResponseTest
        assertEquals("/;jsessionid=12345", response.encodeURL("/"));
        assertEquals("/foo.html;jsessionid=12345#target", response.encodeURL("/foo.html#target"));
        assertEquals(";jsessionid=12345", response.encodeURL(""));
+        assertEquals("../foo/bar.jsp;jsessionid=12345", response.encodeURL("../foo/bar.jsp"));
    }

    @Test