Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: EE-1.8.2.GA_P04
Fix Version/s: EE-1.8.2.GA_P06
Labels: None
Environment: Seam
Assignee Priority: P1
Salesforce Case Reference:
Description
Given the following redirect rule specified in pages.xml:
<redirect view-id="/xhtml/loginator.xhtml">
  <param name="t1" value="hellorvnworld" />
  <param name="t2" value="RkqF3RW4QZzhF0JrlznFr6d99LOIuMW52h3Vp1dPH8R0007XuIsIgoXjaSCuGD6OIOvECogMjt8=" />
  <param name="t3" value="0000000rvn11111111111" />
  <param name="t4" value="rvn" />
  <param name="t5" value="RVN" />
  <param name="t6" value="RkqF3RW4QZzhF0JrlznFr6d99LOIuMW52h3Vp1dPH8Rvn7XuIsIgoXjaSCuGD6OIOvECogMjt8=" />
</redirect>
In this example, a parameter with name “t1” gets lost because its value is “hellorvnworld”, which contains “rvn” as a substring. Parameters t1, t3, and t4 will be null when trying to read the HTTP request parameter after the redirect.
This appears to be due to the following code at com.icesoft.util.SeamUtilities:194:
while (st.hasMoreTokens()) {
    token = st.nextToken();
    if ((token.indexOf(conversationIdParameter) == -1) &&
        (token.indexOf(conversationParentParameter) == -1) &&
        token.indexOf("rvn") == -1) {
        tokenList.add(token);
    }
}
which indiscriminately discards request parameters if “rvn” is found anywhere in the value.
Note, this will also apply to the string “cid” when used as the conversationIdParameter.
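An added illustration (not ICEfaces code and not the checked-in fix) comparing the substring test from the report with a filter that matches only the parameter name. The class and method names, the "&" delimiter, the parent-parameter name, the treatment of "rvn" as a parameter name and the sample query string are assumptions constructed for this example.

```java
import java.util.*;

public class RedirectParamFilterDemo {
    // Assumed values: "cid" is the report's example; the parent name is a placeholder.
    static final String CONVERSATION_ID_PARAM = "cid";
    static final String CONVERSATION_PARENT_PARAM = "parentConversationId";

    // Same test as the reported code: substring match anywhere in "name=value".
    static List<String> filterBySubstring(String query) {
        List<String> kept = new ArrayList<String>();
        StringTokenizer st = new StringTokenizer(query, "&");
        while (st.hasMoreTokens()) {
            String token = st.nextToken();
            if (token.indexOf(CONVERSATION_ID_PARAM) == -1
                    && token.indexOf(CONVERSATION_PARENT_PARAM) == -1
                    && token.indexOf("rvn") == -1) {
                kept.add(token);
            }
        }
        return kept;
    }

    // Alternative: compare only the parameter name (text before the first '=').
    static List<String> filterByName(String query) {
        Set<String> reserved = new HashSet<String>(Arrays.asList(
                CONVERSATION_ID_PARAM, CONVERSATION_PARENT_PARAM, "rvn"));
        List<String> kept = new ArrayList<String>();
        StringTokenizer st = new StringTokenizer(query, "&");
        while (st.hasMoreTokens()) {
            String token = st.nextToken();
            int eq = token.indexOf('=');
            String name = (eq == -1) ? token : token.substring(0, eq);
            if (!reserved.contains(name)) {
                kept.add(token);
            }
        }
        return kept;
    }

    public static void main(String[] args) {
        // Constructed query string: values from the report plus framework parameters.
        String query = "t1=hellorvnworld&t3=0000000rvn11111111111&t4=rvn&t5=RVN"
                + "&note=acid&cid=12&rvn=3";
        System.out.println("substring: " + filterBySubstring(query));
        System.out.println("by name:   " + filterByName(query));
    }
}
```

The constructed "note=acid" parameter shows the “cid” case from the report: the substring filter drops it along with t1, t3 and t4, while the name-based filter removes only the parameters actually named cid and rvn.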
Checked in fix. Can reopen if testing shows any ill-effects.