From 85ee3243d58305378d4358c2144b7eb5c2d92dd3 Mon Sep 17 00:00:00 2001
From: Aaron Ogburn <aogburn@redhat.com>
Date: Fri, 26 Apr 2024 14:09:58 -0500
Subject: [PATCH] [UNDERTOW-2383] do not canonicalize query string in
 sendRedirect location

---
 .../undertow/servlet/spec/HttpServletResponseImpl.java   | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/servlet/src/main/java/io/undertow/servlet/spec/HttpServletResponseImpl.java b/servlet/src/main/java/io/undertow/servlet/spec/HttpServletResponseImpl.java
index 0c927876c4..5e22ca30c2 100644
--- a/servlet/src/main/java/io/undertow/servlet/spec/HttpServletResponseImpl.java
+++ b/servlet/src/main/java/io/undertow/servlet/spec/HttpServletResponseImpl.java
@@ -219,7 +219,14 @@ public void sendRedirect(final String location) throws IOException {
                 } else {
                     current = "";
                 }
-                realPath = CanonicalPathUtils.canonicalize(servletContext.getContextPath() + current + location);
+                String precanonLocation = location;
+                String query = "";
+                int firstQuestionMark = location.indexOf("?");
+                if (firstQuestionMark >= 0) {
+                    precanonLocation = location.substring(0, firstQuestionMark);
+                    query = location.substring(firstQuestionMark);
+                }
+                realPath = CanonicalPathUtils.canonicalize(servletContext.getContextPath() + current + precanonLocation) + query;
             }
             String loc = exchange.getRequestScheme() + "://" + exchange.getHostAndPort() + realPath;
             exchange.getResponseHeaders().put(Headers.LOCATION, loc);