* Prevent response splitting vulnerability reported by

Paul Alexandrow on helma-dev.
hns 2007-11-13 14:23:57 +00:00
parent 54617d09c1
commit 2721d55139


@ -442,8 +442,9 @@ public final class ResponseTrans extends Writer implements Serializable {
* @throws RedirectException ... * @throws RedirectException ...
*/ */
public void redirect(String url) throws RedirectException { public void redirect(String url) throws RedirectException {
redir = url; redir = url == null ?
throw new RedirectException(url); null : url.replaceAll("[\r\n]", "");
throw new RedirectException(redir);
} }
/** /**
@ -463,8 +464,9 @@ public final class ResponseTrans extends Writer implements Serializable {
* @throws RedirectException ... * @throws RedirectException ...
*/ */
public void forward(String url) throws RedirectException { public void forward(String url) throws RedirectException {
forward = url; forward = url == null ?
throw new RedirectException(url); null : url.replaceAll("[\r\n]", "");
throw new RedirectException(forward);
} }
/** /**
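Review bot: The sanitising expression `url == null ? null : url.replaceAll("[\r\n]", "")` is now written out twice, once in redirect() and once in forward(), and neither copy carries a comment saying why it is there. I would put it in one private static helper (for example `stripLineBreaks(String url)`) called as `redir = stripLineBreaks(url);` and `forward = stripLineBreaks(url);`, with a comment such as `// remove CR/LF so a caller-supplied URL cannot end the current response header and begin a new one (response splitting)`. The filter silently rewrites the value instead of rejecting it, so a malformed target leaves no trace; if these URLs can be derived from request data, logging or refusing input that contains line breaks would make such attempts visible to operators. Whether other ResponseTrans methods that copy caller-supplied strings into response headers need the same treatment cannot be judged from these two hunks and is worth checking. Both method bodies are complete in the view; the enclosing class is not.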