tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r544137 - /tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c
Date Mon, 04 Jun 2007 19:02:58 GMT
mturk@apache.org wrote:
> Author: mturk
> Date: Mon Jun  4 05:08:33 2007
> New Revision: 544137
> 
> URL: http://svn.apache.org/viewvc?view=rev&rev=544137
> Log:
> Add simple URI normalizer that can deal with things like %252e%252e. This is mostly copy/paste
from the IIS module

You have me way confused ;-)

The uri you are processing in the httpd connector has already been unfolded.
So your desire is to double-unfold the uri?  This has some very ugly side
effects for legitimately escaped paths, and if it is a security precaution,
don't you just leave yet-a-new-hole for triply-folded uris?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message