Index: java/org/apache/catalina/servlets/DefaultServlet.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- java/org/apache/catalina/servlets/DefaultServlet.java (date 1530283078000)
+++ java/org/apache/catalina/servlets/DefaultServlet.java (date 1539554255000)
@@ -1046,6 +1046,10 @@
location.append('?');
location.append(request.getQueryString());
}
+ // Avoid protocol relative redirects
+ while (location.length() > 1 && location.charAt(1) == '/') {
+ location.deleteCharAt(0);
+ }
response.sendRedirect(response.encodeRedirectURL(location.toString()));
}
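Review bot: The loop condition tests only `location.charAt(1) == '/'` and never looks at index 0, so it is correct only if `location` always begins with '/' at this point. If that ever stops holding, the loop would silently delete a leading non-slash character and change the redirect target. Consider adding `location.charAt(0) == '/'` to the condition, or a comment stating the invariant. The loop also runs after the query string has been appended. It would be easier to reason about if it sat directly after the path is built, before the `'?'` append, so it is clear that only leading path slashes can be affected. The comment could say why a leading "//" matters: the client reads what follows it as a host name. No test accompanies the change in this patch. A case asserting that the Location value starts with a single '/' would guard against regressions.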
Index: webapps/docs/changelog.xml
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- webapps/docs/changelog.xml (date 1530283078000)
+++ webapps/docs/changelog.xml (date 1539554256000)
@@ -591,6 +591,10 @@
61999: maxSavePostSize set to 0 should disable saving POST
data during authentication. (remm)
+
+ When generating a redirect to a directory in the Default Servlet, avoid
+ generating a protocol relative redirect. (markt)
+
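Review bot: The new changelog entry carries no bug number or other reference, unlike the 61999 entry in the context lines above it, and it does not say what input triggers the case. Going by the DefaultServlet hunk, the case is a redirect location that begins with more than one '/'. Stating that in the entry, along with the fact that the directory redirect now collapses those leading slashes to one, would let operators judge from the changelog alone whether the fix matters to their deployment.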