[SHIRO-509] WebUtils.decodeAndCleanUriString incorrectly handles matrix parameters - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.2.2
Fix Version/s: None
Component/s: Web
Labels:
None
Environment:
Webapp deployment in Jetty

Description

If I config a web filter (say anon) for a path /**/public and make a request to /mystuff;filter=toys/prices/public the filter is not triggered because WebUtils.decodeAndCleanUriString() removes everything after the ';' (so it only tries to match on /mystuff). The fix is to change
int semicolonIndex = uri.indexOf(';');
to
int lastSlash = uri.lastIndexOf('/');
int semicolonIndex = uri.lastIndexOf(';');
if(semicolonIndex > lastSlash) then drop trailing matrix params. So that matrix params in parent path segments are left intact.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Mark Hale

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Jul/14 14:14

Updated:: 06/Oct/15 19:58