tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 4707] - HttpServletRequest.getPathInfo() method strips consecutive "/" chars
Date Wed, 07 Nov 2001 19:51:01 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4707>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4707

HttpServletRequest.getPathInfo()  method strips consecutive "/" chars

remm@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |LATER



------- Additional Comments From remm@apache.org  2001-11-07 11:51 -------
Many paths are normilized in one way or another in an attempt to prevent 
attacks using malformed URLs. The goal eventually is to avoid causing the kind 
of problem you describe. However, since it can possibly cause a lot of problems 
security-wise, it is unlikely that this problem will be fixed anytime soon.

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message