root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Validate contextPath in RedirectView 

Issue: SPR-16752
This commit is contained in:
Rossen Stoyanchev 2018-04-23 15:20:12 -04:00
parent e9a8a5065b
commit de18d96413
2 changed files with 24 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
spring-webmvc/src/main/java/org/springframework/web/servlet/view/RedirectView.java
View File

@ -329,7 +329,7 @@ public class RedirectView extends AbstractUrlBasedView implements SmartView {
if (this.contextRelative && getUrl().startsWith("/")) {
// Do not apply context path to relative URLs.
targetUrl.append(request.getContextPath());
targetUrl.append(getContextPath(request));
}
targetUrl.append(getUrl());
@ -355,6 +355,14 @@ public class RedirectView extends AbstractUrlBasedView implements SmartView {
return targetUrl.toString();
}
private String getContextPath(HttpServletRequest request) {
String contextPath = request.getContextPath();
while (contextPath.startsWith("//")) {
contextPath = contextPath.substring(1);
}
return contextPath;
}
/**
* Replace URI template variables in the target URL with encoded model
* attributes or URI variables from the current request. Model attributes

23
spring-webmvc/src/test/java/org/springframework/web/servlet/view/RedirectViewTests.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 the original author or authors.
* Copyright 2002-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -172,9 +172,7 @@ public class RedirectViewTests {
request.setAttribute(DispatcherServlet.WEB_APPLICATION_CONTEXT_ATTRIBUTE, wac);
given(mockProcessor.processUrl(request, "/path")).willReturn("/path?key=123");
rv.render(new ModelMap(), request, response);
verify(mockProcessor).processUrl(request, "/path");
}
@ -196,9 +194,7 @@ public class RedirectViewTests {
rv.setUrl("/path");
given(mockProcessor.processUrl(request, "/path")).willReturn("/path?key=123");
rv.render(new ModelMap(), request, response);
verify(mockProcessor).processUrl(request, "/path");
}
finally {
@ -206,9 +202,7 @@ public class RedirectViewTests {
}
}
// SPR-13693
@Test
@Test // SPR-13693
public void remoteHost() throws Exception {
RedirectView rv = new RedirectView();
@ -224,6 +218,19 @@ public class RedirectViewTests {
}
@Test // SPR-16752
public void contextRelativeWithValidatedContextPath() throws Exception {
String url = "/myUrl";
this.request.setContextPath("//context");
this.response = new MockHttpServletResponse();
doTest(new HashMap<>(), url, true, "/context" + url);
this.request.setContextPath("///context");
this.response = new MockHttpServletResponse();
doTest(new HashMap<>(), url, true, "/context" + url);
}
@Test
public void emptyMap() throws Exception {
String url = "/myUrl";