Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: EE-1.8.2.GA_P04
-
Fix Version/s: EE-1.8.2.GA_P06
-
Labels:None
-
Environment:Seam
-
Assignee Priority:P1
-
Salesforce Case Reference:
Description
Given the following redirect rule specified in pages.xml:
<redirect view-id="/xhtml/loginator.xhtml">
<param name="t1" value="hellorvnworld" />
<param name="t2" value="RkqF3RW4QZzhF0JrlznFr6d99LOIuMW52h3Vp1dPH8R0007XuIsIgoXjaSCuGD6OIOvECogMjt8=" />
<param name="t3" value="0000000rvn11111111111" />
<param name="t4" value="rvn" />
<param name="t5" value="RVN" />
<param name="t6" value="RkqF3RW4QZzhF0JrlznFr6d99LOIuMW52h3Vp1dPH8Rvn7XuIsIgoXjaSCuGD6OIOvECogMjt8=" />
</redirect>
In this example, a parameter with name “t1” gets lost because its value is “hellorvnworld”, which contains “rvn” as a substring. Parameters t1, t3, and t4 will be null when trying to read the http request parameter after redirect.
This appears to be due to the following code at com.icesoft.util.SeamUtilities:194:
while(st.hasMoreTokens() ){
token = st.nextToken();
if ( (token.indexOf(conversationIdParameter) == -1) &&
(token.indexOf(conversationParentParameter) == -1) &&
token.indexOf("rvn") == -1 ) {
tokenList.add( token );
}
}
which indiscriminately discards request parameters if “rvn” is found anywhere in the value.
Note, this will also apply to the string “cid” when used as the conversationIdParameter.
<redirect view-id="/xhtml/loginator.xhtml">
<param name="t1" value="hellorvnworld" />
<param name="t2" value="RkqF3RW4QZzhF0JrlznFr6d99LOIuMW52h3Vp1dPH8R0007XuIsIgoXjaSCuGD6OIOvECogMjt8=" />
<param name="t3" value="0000000rvn11111111111" />
<param name="t4" value="rvn" />
<param name="t5" value="RVN" />
<param name="t6" value="RkqF3RW4QZzhF0JrlznFr6d99LOIuMW52h3Vp1dPH8Rvn7XuIsIgoXjaSCuGD6OIOvECogMjt8=" />
</redirect>
In this example, a parameter with name “t1” gets lost because its value is “hellorvnworld”, which contains “rvn” as a substring. Parameters t1, t3, and t4 will be null when trying to read the http request parameter after redirect.
This appears to be due to the following code at com.icesoft.util.SeamUtilities:194:
while(st.hasMoreTokens() ){
token = st.nextToken();
if ( (token.indexOf(conversationIdParameter) == -1) &&
(token.indexOf(conversationParentParameter) == -1) &&
token.indexOf("rvn") == -1 ) {
tokenList.add( token );
}
}
which indiscriminately discards request parameters if “rvn” is found anywhere in the value.
Note, this will also apply to the string “cid” when used as the conversationIdParameter.
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion