tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From BugRat Mail System <tomcat-b...@cortexity.com>
Subject BugRat Report #98 has been filed.
Date Mon, 11 Sep 2000 11:29:17 GMT
Bug report #98 has just been filed.

You can view the report at the following URL:

   <http://znutar.cortexity.com:8888/BugRatViewer/ShowReport/98>

REPORT #98 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: critical
Confidence: public
Environment: 
   Release: 3.2
   JVM Release: 1.2
   Operating System: Solaris
   OS Release: 2.7
   Platform: Sparc

Synopsis: 
decoding of URL is never necessary

Description:
In org.apache.tomcat.service.http.HttpRequestAdapter.java
there is some code that decodes the URI if necessary
as the comment above the code describes it.

Decoding the URL is never necessary but is bug
because it is a violation of the URL / URI formats as described in rfc1738, rfc1630 and rfc2616.

If the URL is decoded the original URL used in the request
can not be reconstructed and the semantics of the URL
changes.

Example: it IS a difference if a slash is used
or a encoded slash is used,
a slash is a hierachy delimiter an encoded slash isn't.

Decoding the URL breaks javax.servlet.HttpUtil.getRequestURL()
and makes servlets unusable that use encoded names in URLs.



Mime
View raw message