Alternate resolution of #7615 (#7763)

+ use presence of scheme to gate parsing as HttpURI Signed-off-by: Greg Wilkins <[email protected]>
jetty · Mar 21, 2022 · 9c30caf · 9c30caf
1 parent f7d0bb4
commit 9c30caf
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 16 deletions.
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java b/jetty-server/src/main/java/org/eclipse/jetty/server/Response.java
@@ -321,14 +321,18 @@ public boolean containsHeader(String name)
     @Override
     public String encodeURL(String url)
     {
+        if (url == null)
+            return null;
+
         final Request request = _channel.getRequest();
         SessionHandler sessionManager = request.getSessionHandler();
 
         if (sessionManager == null)
             return url;
 
         HttpURI uri = null;
-        if (sessionManager.isCheckingRemoteSessionIdEncoding() && URIUtil.hasScheme(url))
+        boolean hasScheme = URIUtil.hasScheme(url);
+        if (sessionManager.isCheckingRemoteSessionIdEncoding() && hasScheme)
         {
             uri = new HttpURI(url);
             String path = uri.getPath();
@@ -350,9 +354,6 @@ public String encodeURL(String url)
         if (sessionURLPrefix == null)
             return url;
 
-        if (url == null)
-            return null;
-
         // should not encode if cookies in evidence
         if ((sessionManager.isUsingCookies() && request.isRequestedSessionIdFromCookie()) || !sessionManager.isUsingURLs())
         {
@@ -383,9 +384,6 @@ public String encodeURL(String url)
 
         String id = sessionManager.getExtendedId(session);
 
-        if (uri == null)
-            uri = new HttpURI(url);
-
         // Already encoded
         int prefix = url.indexOf(sessionURLPrefix);
         if (prefix != -1)
@@ -400,20 +398,24 @@ public String encodeURL(String url)
                 url.substring(suffix);
         }
 
+        // check for a null path
+        String nonNullPath = "";
+        if (hasScheme)
+        {
+            if (uri == null)
+                uri = new HttpURI(url);
+            if (uri.getPath() == null)
+                nonNullPath = "/";
+        }
+
         // edit the session
         int suffix = url.indexOf('?');
         if (suffix < 0)
             suffix = url.indexOf('#');
         if (suffix < 0)
-        {
-            return url +
-                ((HttpScheme.HTTPS.is(uri.getScheme()) || HttpScheme.HTTP.is(uri.getScheme())) && uri.getPath() == null ? "/" : "") + //if no path, insert the root path
-                sessionURLPrefix + id;
-        }
+            return url + nonNullPath + sessionURLPrefix + id;
 
-        return url.substring(0, suffix) +
-            ((HttpScheme.HTTPS.is(uri.getScheme()) || HttpScheme.HTTP.is(uri.getScheme())) && uri.getPath() == null ? "/" : "") + //if no path so insert the root path
-            sessionURLPrefix + id + url.substring(suffix);
+        return url.substring(0, suffix) + nonNullPath + sessionURLPrefix + id + url.substring(suffix);
     }
 
     @Override

diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/ResponseTest.java
@@ -1520,7 +1520,7 @@ public void testWriteCheckError() throws Exception
     }
 
     @Test
-    public void testEncodeRedirect()
+    public void testEncodeURLs()
         throws Exception
     {
         Response response = getResponse();
@@ -1570,6 +1570,7 @@ public void testEncodeRedirect()
         assertEquals("/;jsessionid=12345", response.encodeURL("/"));
         assertEquals("/foo.html;jsessionid=12345#target", response.encodeURL("/foo.html#target"));
         assertEquals(";jsessionid=12345", response.encodeURL(""));
+        assertEquals("../foo/bar.jsp;jsessionid=12345", response.encodeURL("../foo/bar.jsp"));
     }
 
     @Test