tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 24197] - adding an extra slash in a mod_jk url circumvents tomcat (form) login authentication
Date Sun, 02 Nov 2003 23:23:16 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24197>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24197

adding an extra slash in a mod_jk url circumvents tomcat (form) login authentication





------- Additional Comments From thundur@mayaxatl.org  2003-11-02 23:23 -------
Well, I've done some source tracking in mod_jk 1.2.5. The problem is in
apache-1.3/mod_jk.c:1822. There, a copy of r->uri is made to local pointer
'uri'. All de-double-slashing happens to the copy of r->uri, not to r->uri
itself. I   added ap_no2slash(r->uri); after line 1824 and all went well.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message