XWiki Platform / XWIKI-10364

Invalid redirect URL when using a context path with URL-escapable characters

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 6.0
    • Fix Version/s: None
    • Component/s: Old Core
    • Labels:
      None
    • Difficulty:
      Unknown

      Description

      There is a problem with stripContextPathFromURL().

      If the context path contains URL-escapable characters then the prefix removal at line https://github.com/xwiki/xwiki-platform/blob/6fa5966921b29b969ed7d3b75ca3fbf9f17f2fc8/xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java#L601 might fail if the URL passed as parameter is not URL-escaped as well.

      I had the problem with an XWiki deployed under a context path containing a dash '-'.

      The problem is also reproducible. Take a standard 6.0 Jetty Distribution. Rename the context path to xwiki-rulez. Try to access a protected page and you will be redirected to: http://localhost:8080/xwiki-rulezhttp://localhost:8080/xwiki-rulez/bin/login/XWiki/xwiki

      There might be two possible fixes:

      1) Try to find if the url parameter is URL-escaped by carefully looking for the presence of % symbols - this could be tricky and unreliable

      2) Try to remove the prefix from the url parameter and also from its escaped version, and return the result that doesn't contain the context-path. Less elegant but it should reliably work always.
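
The failure described above and fix option 2, as an added example (not XWiki's code and not written by the reporter). The class, the method names and the `escape` helper are hypothetical; `escape` stands in for whatever escaping the real method applies and is assumed to percent-encode every byte except ASCII letters, digits and '/', so that '-' becomes %2D.

```java
import java.nio.charset.StandardCharsets;

public class ContextPathStripDemo {
    // Stand-in escaper (assumption, see lead-in): keeps [A-Za-z0-9/], percent-encodes the rest.
    static String escape(String s) {
        StringBuilder out = new StringBuilder();
        for (byte b : s.getBytes(StandardCharsets.UTF_8)) {
            char c = (char) (b & 0xFF);
            boolean plain = c == '/' || (c >= '0' && c <= '9')
                || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
            out.append(plain ? String.valueOf(c) : String.format("%%%02X", b & 0xFF));
        }
        return out.toString();
    }

    // Behaviour described in the report: only the escaped prefix is tried,
    // so an unescaped URL comes back unchanged (still absolute).
    static String stripEscapedOnly(String serverBase, String contextPath, String url) {
        String prefix = serverBase + escape(contextPath);
        return url.startsWith(prefix) ? url.substring(prefix.length()) : url;
    }

    // Fix option 2: try the raw and the escaped prefix, return the result without the context path.
    static String stripBoth(String serverBase, String contextPath, String url) {
        String[] prefixes = {serverBase + contextPath, serverBase + escape(contextPath)};
        for (String prefix : prefixes) {
            if (url.startsWith(prefix)) {
                String rest = url.substring(prefix.length());
                // The remainder must begin a new path segment or query, so a context
                // path "/xwiki" is never stripped out of "/xwiki-rulez/...".
                if (rest.isEmpty() || rest.startsWith("/") || rest.startsWith("?")) {
                    return rest;
                }
            }
        }
        return url; // nothing stripped: the caller must not prepend the context path to this
    }

    public static void main(String[] args) {
        String base = "http://localhost:8080";
        String ctx = "/xwiki-rulez"; // context path from the report
        String raw = base + ctx + "/bin/login/XWiki/xwiki";
        String escaped = base + escape(ctx) + "/bin/login/XWiki/xwiki";

        System.out.println(base + ctx + stripEscapedOnly(base, ctx, raw)); // unescaped URL, escaped-only strip
        System.out.println(base + ctx + stripBoth(base, ctx, raw));        // unescaped URL, both prefixes tried
        System.out.println(base + ctx + stripBoth(base, ctx, escaped));    // escaped URL, both prefixes tried
    }
}
```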


              People

              • Assignee:
                mflorea Marius Dumitru Florea
                Reporter:
                fmancinelli Fabio Mancinelli
