Details
-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
6.0
-
None
-
Unknown
-
Description
There is a problem with stripContextPathFromURL().
If the context path contains URL-escapable characters then the prefix removal at line https://github.com/xwiki/xwiki-platform/blob/6fa5966921b29b969ed7d3b75ca3fbf9f17f2fc8/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java#L601 might fail if the URL passed as parameter is not URL-escaped as well.
I had the problem with an XWiki deployed under a context path containing a dash '-'
The problem is also reproducible. Take a standard 6.0 Jetty Distribution. Rename the context path to xwiki-rulez. Try to access a protected page and you will be redirected to: http://localhost:8080/xwiki-rulezhttp://localhost:8080/xwiki-rulez/bin/login/XWiki/xwiki
There might be two possible fixes:
1) Try to find if the url parameter is URL-escaped by carefully looking for the presence of % symbols - this could be tricky and unreliable
2) Try to remove the prefix from the url parameter and also from its escaped version, and return the result that doesn't contain the context-path. Less elegant but it should reliably work always.
Attachments
Issue Links
- duplicates
-
-
- Closed
-
- relates to
-
-
- Closed
-