Fix #7615 encode relative URIs (#7765)

* Fix #7615 encode relative URIs cherry-picked from 9c30caf Signed-off-by: Greg Wilkins <gregw@webtide.com> * Fix #7615 encode relative URIs fixed checkstyle Signed-off-by: Greg Wilkins <gregw@webtide.com>
jetty · Mar 22, 2022 · e0788ab · e0788ab
1 parent ae5c8e3
commit e0788ab
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 16 deletions.
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java b/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
@@ -342,14 +342,18 @@ public boolean containsHeader(String name)
     @Override
     public String encodeURL(String url)
     {
+        if (url == null)
+            return null;
+
         final Request request = _channel.getRequest();
         SessionHandler sessionManager = request.getSessionHandler();
 
         if (sessionManager == null)
             return url;
 
         HttpURI uri = null;
-        if (sessionManager.isCheckingRemoteSessionIdEncoding() && URIUtil.hasScheme(url))
+        boolean hasScheme = URIUtil.hasScheme(url);
+        if (sessionManager.isCheckingRemoteSessionIdEncoding() && hasScheme)
         {
             uri = HttpURI.from(url);
             String path = uri.getPath();
@@ -371,9 +375,6 @@ public String encodeURL(String url)
         if (sessionURLPrefix == null)
             return url;
 
-        if (url == null)
-            return null;
-
         // should not encode if cookies in evidence
         if ((sessionManager.isUsingCookies() && request.isRequestedSessionIdFromCookie()) || !sessionManager.isUsingURLs())
         {
@@ -404,9 +405,6 @@ public String encodeURL(String url)
 
         String id = sessionManager.getExtendedId(session);
 
-        if (uri == null)
-            uri = HttpURI.from(url);
-
         // Already encoded
         int prefix = url.indexOf(sessionURLPrefix);
         if (prefix != -1)
@@ -421,20 +419,24 @@ public String encodeURL(String url)
                 url.substring(suffix);
         }
 
+        // check for a null path
+        String nonNullPath = "";
+        if (hasScheme)
+        {
+            if (uri == null)
+                uri = HttpURI.from(url);
+            if (uri.getPath() == null)
+                nonNullPath = "/";
+        }
+
         // edit the session
         int suffix = url.indexOf('?');
         if (suffix < 0)
             suffix = url.indexOf('#');
         if (suffix < 0)
-        {
-            return url +
-                ((HttpScheme.HTTPS.is(uri.getScheme()) || HttpScheme.HTTP.is(uri.getScheme())) && uri.getPath() == null ? "/" : "") + //if no path, insert the root path
-                sessionURLPrefix + id;
-        }
+            return url + nonNullPath + sessionURLPrefix + id;
 
-        return url.substring(0, suffix) +
-            ((HttpScheme.HTTPS.is(uri.getScheme()) || HttpScheme.HTTP.is(uri.getScheme())) && uri.getPath() == null ? "/" : "") + //if no path so insert the root path
-            sessionURLPrefix + id + url.substring(suffix);
+        return url.substring(0, suffix) + nonNullPath + sessionURLPrefix + id + url.substring(suffix);
     }
 
     @Override

diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java
@@ -1642,7 +1642,7 @@ public void testWriteCheckError() throws Exception
     }
 
     @Test
-    public void testEncodeRedirect()
+    public void testEncodeURLs()
     {
         ContextHandler context = new ContextHandler("/path");
         Response response = getResponse();
@@ -1708,6 +1708,7 @@ public void testEncodeRedirect()
         assertEquals("/;jsessionid=12345", response.encodeURL("/"));
         assertEquals("/foo.html;jsessionid=12345#target", response.encodeURL("/foo.html#target"));
         assertEquals(";jsessionid=12345", response.encodeURL(""));
+        assertEquals("../foo/bar.jsp;jsessionid=12345", response.encodeURL("../foo/bar.jsp"));
     }
 
     @Test