cocoon-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 27802] - EncodeURLTransformer encodes off site links
Date Fri, 26 Mar 2004 19:33:44 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=27802>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=27802

EncodeURLTransformer encodes off site links

m_rolappe@web.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From m_rolappe@web.de  2004-03-26 19:33 -------
ok, now I actually tried it.

with jetty, you are right, it incorrectly encodes the url, but tomcat works as
expected; no session id for off-site links. so in the end it's a jetty bug.

I find the 'behavioural change' implemented by your patch rather aggressive and
it makes the transformer hard to use and almost worthless. it's the container's
responsibility to determine if the specified URL could be part of one of the
container's sessions, i.e. whether it's processed by the same webapp/servlet
context.


and now to something (not really ;-) completely different; EUT's
checkForEncoding() could be improved by checking whether the requested session
id is valid. the other thing is o.a.c.e.h.HttpResponse trying to be smart on url
encoding but being pretty dumb (doing url.indexOf(";jsessionid=") != -1
checking). the container would do something similar so this is just (buggy)
duplication.
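
The same-context decision discussed in the comment above, sketched as an added example (not part of the original message, and not Cocoon, Jetty or Tomcat code): a session id is attached only when the link resolves into the requesting webapp's own scheme, host, port and context path. The class and method names are hypothetical and the sample URLs are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class SessionLinkCheck {
    // Default ports, so that http://host/ and http://host:80/ compare equal.
    static int effectivePort(String scheme, int port) {
        if (port != -1) return port;
        return "https".equalsIgnoreCase(scheme) ? 443 : 80;
    }

    /**
     * True only if 'link' resolves into the same scheme/host/port and context
     * path as the current request, i.e. an appended session id stays on-site.
     */
    static boolean isSameContext(String link, URI requestUri, String contextPath) {
        URI target;
        try {
            // Resolve relative links against the request, then collapse "../".
            target = requestUri.resolve(new URI(link)).normalize();
        } catch (URISyntaxException e) {
            return false; // unparsable link: never attach a session id
        }
        // Opaque URIs (mailto:, javascript:) have no host and are never encoded.
        if (target.getHost() == null || target.getScheme() == null) return false;
        if (!target.getScheme().equalsIgnoreCase(requestUri.getScheme())) return false;
        if (!target.getHost().equalsIgnoreCase(requestUri.getHost())) return false;
        if (effectivePort(target.getScheme(), target.getPort())
                != effectivePort(requestUri.getScheme(), requestUri.getPort())) return false;
        String path = target.getPath() == null ? "" : target.getPath();
        return path.equals(contextPath) || path.startsWith(contextPath + "/");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request and links.
        URI request = new URI("http://www.example.org:8080/cocoon/samples/index.html");
        String ctx = "/cocoon";
        String[] links = {
            "page2.html", "/cocoon/other", "/otherapp/x",
            "http://www.example.org:8080/cocoon/a", "http://offsite.example.net/cocoon/a",
            "mailto:someone@example.org", "../../outside"
        };
        for (String link : links) {
            System.out.println(link + " -> "
                + (isSameContext(link, request, ctx) ? "encode" : "leave as-is"));
        }
    }
}
```

With the constructed inputs, only `page2.html`, `/cocoon/other` and the absolute link into `/cocoon` are marked for encoding; the off-site, other-webapp, `mailto:` and path-escaping links are left untouched.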
