
Log the unsanitized redirect URL to facilitate abuse investigations.

1 parent 911254c commit dcc451643888f1238d84aa155fa36fa69a84f744 @serac serac committed Sep 16, 2011
2 cas-server-core/src/main/java/org/jasig/cas/authentication/principal/Response.java
@@ -115,7 +115,7 @@ private static String sanitizeUrl(final String url) {
}
m.appendTail(sb);
if (hasNonPrintable) {
- LOG.warn("Non-printable characters detected in redirect URL. This may indicate a CRLF attack.");
+ LOG.warn("The following redirect URL has been sanitized and may be sign of attack:\n" + url);
}
return sb.toString();
}
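
Review bot: The new LOG.warn in the hasNonPrintable branch concatenates the raw url into the log message, and this branch runs only when that URL contained non-printable characters, so any CR or LF in it is written verbatim and can split or forge log entries. Log an escaped form of the value instead (for example with control characters percent-encoded or hex-escaped), optionally next to the sanitized result from sb.toString(), so investigators still see exactly what was sent. The leading "\n" also makes every such entry multi-line, which complicates line-based log parsing; keeping the message on one line avoids that. Minor wording: "may be sign of attack" should read "may be a sign of an attack".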
