tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reshat Sabiq <sa...@purdue.edu>
Subject Likely bug in org.apache.jasper.servlet.JspServlet (Tomcat 5)
Date Thu, 11 Dec 2003 07:27:16 GMT
I think i found a bug in Tomcat 5 implementation (J2EE 1.4-DR). I would 
highly appreciate if somebody could provide a brief description of what 
includeUri, and requestUri below stand for. I looked at the comments in 
Constants, but can't make out a lot out of them. Please see my comment 
below.
org.apache.jasper.servlet.JspServlet.service() starting on line 190:
            String includeUri
                = (String) request.getAttribute(Constants.INC_SERVLET_PATH);
            String requestUri
                = (String) request.getAttribute(Constants.INC_REQUEST_URI);
           
            String jspUri;
           
            // When jsp-property-group/url-matching is used, and when the
            // jsp is not defined with <servlet-name>, the url
            // as to be passed as it is to the JSP container (since
            // Catalina doesn't know anything about the requested JSP
           
            // The first scenario occurs when the jsp is not directly 
under /
            // example: /utf16/foo.jsp
            if (requestUri != null){
                ////////// This is pretty unsafe syntax, and i do get an 
exception here, which is the only reason why i can't migrate my app to 
J2EE 1.4-DR! ///////////
                String currentIncludedUri
                    = 
requestUri.substring(requestUri.indexOf(includeUri));  

                if ( !includeUri.equals(currentIncludedUri) ) {
                    includeUri = currentIncludedUri;
                }
            }

P.S. On a positive note, the custom error pages do work in DR, as 
opposed to Beta 2.

-- 
Sincerely,
Reshat.

-------------------------------------------------------------------------------------------
If you see my certificate with this message, you should be able to send me encrypted e-mail.

Please consult your e-mail client for details if you would like to do that.


Mime
View raw message