When generating a redirect to a directory in the Default Servlet, avoid generating a protocol relative redirect.

markt-asf · markt-asf · commit f9f147359b7c · 2018-09-04T18:20:04.000Z
git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc8.5.x/trunk@1840056 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -1154,6 +1154,10 @@ private void doDirectoryRedirect(HttpServletRequest request, HttpServletResponse
             location.append('?');
             location.append(request.getQueryString());
         }
+        // Avoid protocol relative redirects
+        while (location.length() > 1 && location.charAt(1) == '/') {
+            location.deleteCharAt(0);
+        }
         response.sendRedirect(response.encodeRedirectURL(location.toString()));
     }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
@@ -76,6 +76,10 @@
       <fix>
         <bug>62667</bug>: Add recursion to rewrite substitution parsing. (remm)
       </fix>
+      <fix>
+        When generating a redirect to a directory in the Default Servlet, avoid
+        generating a protocol relative redirect. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">

Original file line number	Diff line number	Diff line change
`@@ -1154,6 +1154,10 @@ private void doDirectoryRedirect(HttpServletRequest request, HttpServletResponse`
`1154`	`1154`	`location.append('?');`
`1155`	`1155`	`location.append(request.getQueryString());`
`1156`	`1156`	`}`
	`1157`	`+ // Avoid protocol relative redirects`
	`1158`	`+ while (location.length() > 1 && location.charAt(1) == '/') {`
	`1159`	`+ location.deleteCharAt(0);`
	`1160`	`+ }`
`1157`	`1161`	`response.sendRedirect(response.encodeRedirectURL(location.toString()));`
`1158`	`1162`	`}`
`1159`	`1163`