tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteResponse.java
Date Sun, 20 Jun 2004 17:52:43 GMT

----- Original Message ----- 
From: "Mark Thomas" <markt@apache.org>
To: "'Tomcat Developers List'" <tomcat-dev@jakarta.apache.org>
Sent: Sunday, June 20, 2004 9:26 AM
Subject: RE: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5
CoyoteResponse.java


> Bill,
>
> Thanks for implementing a patch for TC5. I looked at porting it to TC4 and
> noticed that the implementation of toAbsolute() is very different. Looking
> through the CVS logs, the TC4 implementation used to be the same as TC5
but you
> changed it back in Oct 2002. I can see pros and cons of both
implementations. Is
> one significantly better than the other and if so is it worth changing the
other
> one? If not, I propose to add a 'location.startsWith("mailto:")' test to
TC4 to
> fix bug 18147. What do you think?
>

My change back in 2002 was from java.net.URL to o.a.t.u.net.URL.  It was
Remy that didn't like all the garbage it produced for TC5 :).

Now, TC5 is probably better than TC4.  I also don't think that this is a
critical call, so I don't think it really matters.  The check for 'is an
absolute URL' is pretty much the same for well-formed URLs, but TC5 doesn't
generate garbage in checking.  It's true that TC5 doesn't correctly handle
the case of 'sendRedirect("//www.yahoo.com")', but I doubt that it is that
big of an issue.

To keep the current method of TC4, I'd go with:
  if(url.getAuthority() == null)
        return location
(we might as well allow 'news:' as well :).

> Thanks,
>
> Mark
>
>
>
> > -----Original Message-----
> > From: Bill Barker [mailto:wbarker@wilshire.com]
> > Sent: Saturday, June 19, 2004 9:47 PM
> > To: Tomcat Developers List
> > Subject: Re: cvs commit:
> > jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/t
> > omcat5 CoyoteResponse.java
> >
> >
> > ----- Original Message ----- 
> > From: "Mark Thomas" <markt@apache.org>
> > To: "'Tomcat Developers List'" <tomcat-dev@jakarta.apache.org>
> > Sent: Saturday, June 19, 2004 11:50 AM
> > Subject: RE: cvs commit:
> > jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5
> > CoyoteResponse.java
> >
> >
> > > Fair point - I'll revert it now. Is your objection to the concept of
> > supporting
> > > mailto in redirect or just this bad implementation of it? I
> > have seen some
> > uses
> > > of this and some users must want to do it or the bug report
> > would never
> > have
> > > been filed. I am happy to work on a better implementation.
> > >
> >
> > I don't care one way or the other about supporting mailto in
> > a redirect.
> >
> > I believe that the check used to be done by testing if a
> > o.a.t.u.net.URL
> > could be constructed from the 'location', and consider it
> > absolute if it
> > could be.  A well-formed mailto URI would pass this test.
> > This one would
> > also fail something like
> > 'foobar.html?uri=http://myserver/myapp', which
> > currently passes.  The current code is supposed to be an
> > optimization to
> > save the time (and garbage) of parsing a URI that just gets
> > thrown away.
> >
> > I could probably live with 'location.startsWith("mailto:")'
> > (and, even,
> > "news:" :) as a compromise.
> >
> > > Mark
> > >
> > > > -----Original Message-----
> > > > From: Bill Barker [mailto:wbarker@wilshire.com]
> > > > Sent: Saturday, June 19, 2004 7:56 PM
> > > > To: Tomcat Developers List
> > > > Subject: Re: cvs commit:
> > > > jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/t
> > > > omcat5 CoyoteResponse.java
> > > >
> > > >
> > > > ----- Original Message ----- 
> > > > From: <markt@apache.org>
> > > > To: <jakarta-tomcat-catalina-cvs@apache.org>
> > > > Sent: Saturday, June 19, 2004 11:14 AM
> > > > Subject: cvs commit:
> > > >
> > jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5
> > > > CoyoteResponse.java
> > > >
> > > >
> > > > > markt       2004/06/19 11:14:23
> > > > >
> > > > >   Modified:    catalina/src/share/org/apache/coyote/tomcat5
> > > > >                         CoyoteResponse.java
> > > > >   Log:
> > > > >   Fix bug 18147. Prevent mailto URLs from being mangled in
> > > > re-directs.
> > > > >     - Ported from TC4
> > > > >
> > > >
> > > > Big huge -1.  Please revert this, since it is questionable
> > > > that it fixes any
> > > > real problem, and it breaks plenty of things (e.g.
> > > > sendRedirect("mailto.html")).
> > > >
> > > >
> > >
> > >
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
> > >
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>


Mime
View raw message