tomcat-dev mailing list archives

From Mladen Turk <mt...@apache.org>
Subject Re: svn commit: r544137 - /tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c
Date Mon, 04 Jun 2007 15:05:33 GMT
Jean-Frederic wrote:
> On Mon, 2007-06-04 at 12:08 +0000, mturk@apache.org wrote:
>> Author: mturk
>> Date: Mon Jun  4 05:08:33 2007
>> New Revision: 544137
>>
>> URL: http://svn.apache.org/viewvc?view=rev&rev=544137
>> Log:
>> Add simple URI normalizer that can deal with things like %252e%252e. This is mostly copy/paste from the IIS module
>>
> 
> Note that we should rollback
> http://svn.apache.org/viewvc?view=rev&revision=538975 too, shouldn't we?
> 


Of course. It was already reported by lots of users that FWDURICOMPATUNPARSED
breaks many current deployments where users expect the uri passed
will be r->uri, not r->unparsed_uri. In such a situation users are
forcing the JK_OPT_FWDURICOMPAT anyhow, and are still suffering from
security implications.

Regards,
Mladen.
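
The double-encoding case named in the commit log (%252e%252e decodes to %2e%2e, which decodes to ..) can be shown with a small normalizer. This is an added example, not the code from r544137 or the IIS module; the function names, the `MAX_ROUNDS` cap and the choice to reject rather than forward are assumptions, and it handles the path only (no query string).

```c
#include <string.h>
#define MAX_ROUNDS 3 /* assumed cap on nested encoding layers */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Decode one layer of %XX in place: count decoded, or -1 if malformed or %00. */
static int unescape_once(char *s) {
    char *r = s, *w = s; int n = 0;
    while (*r) {
        if (*r != '%') { *w++ = *r++; continue; }
        int hi = hexval((unsigned char)r[1]);
        int lo = hi < 0 ? -1 : hexval((unsigned char)r[2]);
        if (lo < 0 || (hi == 0 && lo == 0)) return -1;
        *w++ = (char)(hi * 16 + lo); r += 3; n++;
    }
    *w = '\0';
    return n;
}

/* Resolve "." and ".." segments in place; -1 if ".." would leave the root. */
static int collapse_dots(char *p) {
    char *r = p, *w = p;
    if (*p != '/') return -1;
    while (*r) {
        while (*r == '/') r++;              /* skip a run of slashes */
        size_t len = strcspn(r, "/");       /* length of the next segment */
        if (len == 2 && r[0] == '.' && r[1] == '.') {
            if (w == p) return -1;          /* nothing left to pop */
            while (*--w != '/') { }         /* drop the previous segment */
        } else if (len > 0 && !(len == 1 && r[0] == '.')) {
            *w++ = '/';
            memmove(w, r, len); w += len;
        }
        r += len;
    }
    if (w == p) *w++ = '/';
    *w = '\0';
    return 0;
}

/* Decode until stable, then canonicalize; 0 means uri holds the normalized path. */
int normalize_uri(char *uri) {
    int n = 1;
    for (int i = 0; i < MAX_ROUNDS && n > 0; i++) n = unescape_once(uri);
    return n != 0 ? -1 : collapse_dots(uri); /* n != 0: malformed or still encoded */
}
```

A single decoding pass would leave `%2e%2e` in the first test path below, which is why the loop runs until no escapes remain.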


