tomcat-dev mailing list archives

From Tim Funk <funk...@joedog.org>
Subject Re: svn commit: r496022 - in /tomcat: container/tc5.5.x/webapps/docs/changelog.xml jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
Date Sun, 14 Jan 2007 17:23:46 GMT
Is this screaming XSS attack?

Since javadocs in getRequestURI() say ... "The web container does not 
decode this String"


-Tim

markt@apache.org wrote:
> Author: markt
> Date: Sat Jan 13 18:45:48 2007
> New Revision: 496022
> 
> URL: http://svn.apache.org/viewvc?view=rev&rev=496022
> 
> Modified: tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
> URL: http://svn.apache.org/viewvc/tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java?view=diff&rev=496022&r1=496021&r2=496022
> ==============================================================================
> --- tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java (original)
> +++ tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java Sat Jan
13 18:45:48 2007
> @@ -301,7 +301,7 @@
>                      // creating unnecessary directories and files.
>                      if (null == context.getResource(jspUri)) {
>                          response.sendError(HttpServletResponse.SC_NOT_FOUND,
> -                                           jspUri);
> +                                           request.getRequestURI());
>                          return;
>                      }
>                      boolean isErrorPage = exception != null;
> 
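
Review bot: the new message argument on the `+` line, request.getRequestURI(), is taken straight from the client's request line, and nothing visible in this hunk encodes it before it is handed to response.sendError(). As the reply above notes, the javadoc says the container does not decode this string, so the value reaches the error message exactly as the client sent it. Suggest either HTML-escaping the value before passing it to sendError(), or confirming that whatever renders the SC_NOT_FOUND message escapes it and saying so in a comment next to the call, since the previous argument, jspUri, was replaced without any note on how the two values differ in what they may contain.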

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

