Validate contextPath in RedirectView

rstoyanchev · rstoyanchev · commit 3502f6fdc214 · 2018-04-23T15:27:22.000-04:00
Issue: SPR-16752
diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/view/RedirectView.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/view/RedirectView.java
@@ -332,7 +332,7 @@ protected final String createTargetUrl(Map<String, Object> model, HttpServletReq
 		StringBuilder targetUrl = new StringBuilder();
 		if (this.contextRelative && getUrl().startsWith("/")) {
 			// Do not apply context path to relative URLs.
-			targetUrl.append(request.getContextPath());
+			targetUrl.append(getContextPath(request));
 		}
 		targetUrl.append(getUrl());
 
@@ -358,6 +358,14 @@ protected final String createTargetUrl(Map<String, Object> model, HttpServletReq
 		return targetUrl.toString();
 	}
 
+	private String getContextPath(HttpServletRequest request) {
+		String contextPath = request.getContextPath();
+		while (contextPath.startsWith("//")) {
+			contextPath = contextPath.substring(1);
+		}
+		return contextPath;
+	}
+
 	/**
 	 * Replace URI template variables in the target URL with encoded model
 	 * attributes or URI variables from the current request. Model attributes
diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/view/RedirectViewTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/view/RedirectViewTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -172,9 +172,7 @@ public void updateTargetUrl() throws Exception {
 		request.setAttribute(DispatcherServlet.WEB_APPLICATION_CONTEXT_ATTRIBUTE, wac);
 
 		given(mockProcessor.processUrl(request, "/path")).willReturn("/path?key=123");
-
 		rv.render(new ModelMap(), request, response);
-
 		verify(mockProcessor).processUrl(request, "/path");
 	}
 
@@ -196,19 +194,15 @@ public void updateTargetUrlWithContextLoader() throws Exception {
 			rv.setUrl("/path");
 
 			given(mockProcessor.processUrl(request, "/path")).willReturn("/path?key=123");
-
 			rv.render(new ModelMap(), request, response);
-
 			verify(mockProcessor).processUrl(request, "/path");
 		}
 		finally {
 			contextLoader.closeWebApplicationContext(servletContext);
 		}
 	}
 
-	// SPR-13693
-
-	@Test
+	@Test // SPR-13693
 	public void remoteHost() throws Exception {
 		RedirectView rv = new RedirectView();
 
@@ -224,6 +218,19 @@ public void remoteHost() throws Exception {
 
 	}
 
+	@Test // SPR-16752
+	public void contextRelativeWithValidatedContextPath() throws Exception {
+		String url = "/myUrl";
+
+		this.request.setContextPath("//context");
+		this.response = new MockHttpServletResponse();
+		doTest(new HashMap<>(), url, true, "/context" + url);
+
+		this.request.setContextPath("///context");
+		this.response = new MockHttpServletResponse();
+		doTest(new HashMap<>(), url, true, "/context" + url);
+	}
+
 	@Test
 	public void emptyMap() throws Exception {
 		String url = "/myUrl";
