When generating a redirect to a directory in the Default Servlet, avo…

…id generating a protocol relative redirect. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1840055 13f79535-47bb-0310-9956-ffa450edef68
apache · Sep 4, 2018 · efb860b · efb860b
1 parent 94155ef
commit efb860b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -1313,6 +1313,10 @@ private void doDirectoryRedirect(HttpServletRequest request, HttpServletResponse
             location.append('?');
             location.append(request.getQueryString());
         }
+        // Avoid protocol relative redirects
+        while (location.length() > 1 && location.charAt(1) == '/') {
+            location.deleteCharAt(0);
+        }
         response.sendRedirect(response.encodeRedirectURL(location.toString()));
     }
 

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
@@ -72,6 +72,10 @@
       <fix>
         <bug>62667</bug>: Add recursion to rewrite substitution parsing. (remm)
       </fix>
+      <fix>
+        When generating a redirect to a directory in the Default Servlet, avoid
+        generating a protocol relative redirect. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">