Author: ndkhoiits
Date: 2011-01-11 02:07:59 -0500 (Tue, 11 Jan 2011)
New Revision: 5723
Modified:
portal/branches/branch-GTNPORTAL-1745/webui/portal/src/main/java/org/exoplatform/portal/application/PortalRequestContext.java
Log:
GTNPORTAL-1667 XSS issues passed in URL
Modified:
portal/branches/branch-GTNPORTAL-1745/webui/portal/src/main/java/org/exoplatform/portal/application/PortalRequestContext.java
===================================================================
---
portal/branches/branch-GTNPORTAL-1745/webui/portal/src/main/java/org/exoplatform/portal/application/PortalRequestContext.java 2011-01-11
06:50:46 UTC (rev 5722)
+++
portal/branches/branch-GTNPORTAL-1745/webui/portal/src/main/java/org/exoplatform/portal/application/PortalRequestContext.java 2011-01-11
07:07:59 UTC (rev 5723)
@@ -161,7 +161,8 @@
cacheLevel_ = cache;
}
- requestURI_ = URLDecoder.decode(req.getRequestURI(), "UTF-8");
+ requestURI_ = req.getRequestURI();
+ String decodedURI = URLDecoder.decode(requestURI_, "UTF-8");
// req.getPathInfo will already have the encoding set from the server.
// We need to use the UTF-8 value since this is how we store the portal name.
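Review bot: The added lines keep the raw `requestURI_` and a separate `decodedURI` without any comment saying why the two forms must stay apart, so a later cleanup could fold them back into one decoded field and undo the point of this change. A comment on `requestURI_ = req.getRequestURI();` such as `// Keep the still-encoded URI for anything echoed back to the client; only the decoded copy below is parsed.` would record the intent next to the code. One caveat worth noting in the same place: `URLDecoder.decode` performs application/x-www-form-urlencoded decoding, so a literal `+` in the path becomes a space and a percent-encoded `/` becomes a segment separator before the path is split, which may or may not match how portal names are stored. The enclosing method starts before this hunk.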
@@ -170,7 +171,7 @@
String contextPath = URLDecoder.decode(req.getContextPath(), "UTF-8");
String pathInfo = "/";
if (requestURI_.length() > servletPath.length() + contextPath.length())
- pathInfo = requestURI_.substring(servletPath.length() + contextPath.length());
+ pathInfo = decodedURI.substring(servletPath.length() + contextPath.length());
int colonIndex = pathInfo.indexOf("/", 1);
if (colonIndex < 0)
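Review bot: The guard on `if (requestURI_.length() > servletPath.length() + contextPath.length())` still measures the encoded `requestURI_`, while the substring on the new line is taken from `decodedURI`, so the check no longer protects the string it guards. If the container passes `getRequestURI()` through undecoded, a request whose percent-encoded form is longer than the decoded context+servlet prefix but whose decoded form equals it exactly makes `pathInfo` `""` instead of `"/"`; `indexOf("/", 1)` then yields -1, `colonIndex` becomes 0, and the later `pathInfo.substring(1, colonIndex)` throws `StringIndexOutOfBoundsException`. Compare the decoded value instead: `if (decodedURI.length() > servletPath.length() + contextPath.length())`. The surrounding method continues outside this hunk.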
@@ -180,13 +181,13 @@
portalOwner_ = pathInfo.substring(1, colonIndex);
nodePath_ = pathInfo.substring(colonIndex, pathInfo.length());
- portalURI = requestURI_.substring(0, requestURI_.lastIndexOf(nodePath_)) +
"/";
+ portalURI = decodedURI.substring(0, decodedURI.lastIndexOf(nodePath_)) +
"/";
- if (requestURI_.indexOf("/public/") >= 0)
+ if (decodedURI.indexOf("/public/") >= 0)
{
accessPath = PUBLIC_ACCESS;
}
- else if (requestURI_.indexOf("/private/") >= 0)
+ else if (decodedURI.indexOf("/private/") >= 0)
{
accessPath = PRIVATE_ACCESS;
}