tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bernd Eilers <...@stardivision.de>
Subject Re: BugRat Report #97 has been filed.
Date Mon, 11 Sep 2000 12:47:35 GMT

Hi there !

the included workaround/bugfix information from the bugrep formular 
somehow got lost ;-(

Here it is:

delete the URL decoding in the parseRequest method of HttpProcessor.java 
by appling the following patch:

682,691d681
< 	// Perform decoding on the request URI if necessary
< 	if ((uri.indexOf('%') >= 0) || (uri.indexOf('+') >= 0)) {
< 	    try {
< 		uri = URLDecoder.decode(uri);
< 	    } catch (Exception e) {
< 		throw new ServletException
< 		    (sm.getString("httpProcessor.parseRequest.decode"));
< 	    }
< 	}
< 

After appling the above patch corresponing changes should be done in the 
Default Servlet and Wevdav Servlet where the request URI is mapped to a 
path on the filesystem.


>>>>>>>>>>>>>>>>>> Urspr√ľngliche Nachricht
<<<<<<<<<<<<<<<<<<

Am 11.09.00, 13:20:14, schrieb BugRat Mail System 
<tomcat-bugs@cortexity.com> zum Thema BugRat Report #97 has been filed.:


> Bug report #97 has just been filed.

> You can view the report at the following URL:

>    <http://znutar.cortexity.com:8888/BugRatViewer/ShowReport/97>

> REPORT #97 Details.

> Project: Catalina
> Category: Bug Report
> SubCategory: New Bug Report
> Class: swbug
> State: received
> Priority: high
> Severity: critical
> Confidence: public
> Environment:
>    Release: current toplevel CVS source
>    JVM Release: 1.2
>    Operating System: solaris
>    OS Release: 2.7
>    Platform: sparc

> Synopsis:
> decoding of URL is never necessary

> Description:
> In org.apache.tomcat.connector.http.HttpProccessor.java
> there is some code that decodes the URI if necessary
> as the comment above the code describes it.

> Decoding the URL is never necessary but is bug
> because it is a violation of the URL / URI formats as described in 
rfc1738, rfc1630 and rfc2616.

> If the URL is decoded the original URL used in the request
> can not be reconstructed and the semantics of the URL
> changes.

> Example: it IS a difference if a slash is used
> or a encoded slash is used,
> a slash is a hierachy delimiter an encoded slash isn't.

> Decoding the URL breaks javax.servlet.HttpUtil.getRequestURL()
> and makes servlets unusable that use encoded names in URLs.

Mime
View raw message