From 61c111fec98b98a7d733d53e84c1dbd335a6e56d Mon Sep 17 00:00:00 2001
From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Wed, 26 Dec 2007 21:23:17 +0000
Subject: [PATCH] Fix bug 43914. Location headers must be encoded. Patch
 provided by Ivan Todoroski.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@606952 13f79535-47bb-0310-9956-ffa450edef68
---
 .../apache/catalina/connector/CoyoteAdapter.java   | 25 +++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java b/java/org/apache/catalina/connector/CoyoteAdapter.java
index ad913504f..a22e542ff 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -25,6 +25,7 @@ import org.apache.catalina.Context;
 import org.apache.catalina.Globals;
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.util.StringManager;
+import org.apache.catalina.util.URLEncoder;
 import org.apache.coyote.ActionCode;
 import org.apache.coyote.Adapter;
 import org.apache.juli.logging.Log;
@@ -101,6 +102,28 @@ public class CoyoteAdapter
         StringManager.getManager(Constants.Package);
 
 
+    /**
+     * Encoder for the Location URL in HTTP redirects.
+     */
+    protected static URLEncoder urlEncoder;
+
+
+    // ----------------------------------------------------- Static Initializer
+
+
+    /**
+     * The safe character set.
+     */
+    static {
+        urlEncoder = new URLEncoder();
+        urlEncoder.addSafeCharacter('-');
+        urlEncoder.addSafeCharacter('_');
+        urlEncoder.addSafeCharacter('.');
+        urlEncoder.addSafeCharacter('*');
+        urlEncoder.addSafeCharacter('/');
+    }
+
+
     // -------------------------------------------------------- Adapter Methods
 
     
@@ -452,7 +475,7 @@ public class CoyoteAdapter
         // Possible redirect
         MessageBytes redirectPathMB = request.getMappingData().redirectPath;
         if (!redirectPathMB.isNull()) {
-            String redirectPath = redirectPathMB.toString();
+            String redirectPath = urlEncoder.encode(redirectPathMB.toString());
             String query = request.getQueryString();
             if (request.isRequestedSessionIdFromURL()) {
                 // This is not optimal, but as this is not very common, it
-- 
2.11.0