svn commit: r1850686 - in /ofbiz/ofbiz-framework/branches/release18.12: ./ framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1850686 - in /ofbiz/ofbiz-framework/branches/release18.12: ./ framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

jleroux@apache.org
Author: jleroux
Date: Mon Jan  7 20:38:26 2019
New Revision: 1850686

URL: http://svn.apache.org/viewvc?rev=1850686&view=rev
Log:
"Applied fix from trunk for revision: 1850685"
------------------------------------------------------------------------
r1850685 | jleroux | 2019-01-07 21:37:10 +0100 (lun. 07 janv. 2019) | 8 lignes

Fixed: Impossible secure and autologin cookie names when mountpoint contains a
slash inside its name
(OFBIZ-10766)

My previous commit was wrong this one fixes it.
I made a mistake trying to generalise changing UtilHttp::getApplicationName.
This method is used in other places where the name should not be changed.
Only cookies are concerned.
------------------------------------------------------------------------

Modified:
    ofbiz/ofbiz-framework/branches/release18.12/   (props changed)
    ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
    ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java

Propchange: ofbiz/ofbiz-framework/branches/release18.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jan  7 20:38:26 2019
@@ -10,4 +10,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/ofbiz-framework/trunk:1850015,1850023,1850530,1850647
+/ofbiz/ofbiz-framework/trunk:1850015,1850023,1850530,1850647,1850685

Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java?rev=1850686&r1=1850685&r2=1850686&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java (original)
+++ ofbiz/ofbiz-framework/branches/release18.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java Mon Jan  7 20:38:26 2019
@@ -668,7 +668,7 @@ public final class UtilHttp {
         if (request.getContextPath().length() > 1) {
             appName = request.getContextPath().substring(1);
         }
-        return appName.replaceAll("/","_");
+        return appName;
     }
 
     public static void setInitialRequestInfo(HttpServletRequest request) {

Modified: ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java?rev=1850686&r1=1850685&r2=1850686&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/ofbiz-framework/branches/release18.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java Mon Jan  7 20:38:26 2019
@@ -928,7 +928,7 @@ public class LoginWorker {
             Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
             autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
             autoLoginCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
-            autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request));
+            autoLoginCookie.setPath("/" + UtilHttp.getApplicationName(request).replaceAll("/","_"));
             autoLoginCookie.setSecure(true);
             autoLoginCookie.setHttpOnly(true);
             response.addCookie(autoLoginCookie);
@@ -948,7 +948,7 @@ public class LoginWorker {
             Cookie securedLoginIdCookie = new Cookie(getSecuredLoginIdCookieName(request), userLogin.getString("userLoginId"));
             securedLoginIdCookie.setMaxAge(-1);
             securedLoginIdCookie.setDomain(EntityUtilProperties.getPropertyValue("url", "cookie.domain", delegator));
-            securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request));
+            securedLoginIdCookie.setPath("/" + UtilHttp.getApplicationName(request).replaceAll("/","_"));
             securedLoginIdCookie.setSecure(true);
             securedLoginIdCookie.setHttpOnly(true);
             response.addCookie(securedLoginIdCookie);