tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43757] - Improper parsing of response.sendRedirect() in JSP source
Date Thu, 01 Nov 2007 00:26:06 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43757>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43757





------- Additional Comments From beefnog@gmail.com  2007-10-31 17:26 -------
(In reply to comment #1)
> I am tempted to think that the source Tomcat is parsing isn't the source you
> think it is. I can't reproduce the issue. Can you provide a simple JSP that
> exhibits this problem?

Greetings Mark :)

Here is a .jsp that should allow you to reproduce the issue:

=========================

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="java.util.*"%>
<%@page import="javax.servlet.*"%>
<%


ServletContext context = this.getServletContext();



// if (session.getAttribute("isAuth") == null) {
//     session.setAttribute("messageToUser","Authentication failed.");
//        you.shouldNotParseThis();
//     response.sendRedirect("./index.jsp");
// }

// if (session.getAttribute("isAuth") != null) {
//     if (!session.getAttribute("isAuth").toString().equals("true")) {
//        session.setAttribute("messageToUser","Authentication failed.");
//         response.sendRedirect("./index.jsp");
//     }
// }

String state = "";

if (request.getParameter("state") != null) {
    state = request.getParameter("state");
} else {
    response.sendRedirect("./index.jsp");
}

// each state is caught by name, final fall through goes back to index.jsp
if (state.equals("CRInput")) {
    response.sendRedirect("./crinput.jsp");
} else {
    response.sendRedirect("./index.jsp");
}


%>

==============================

There is actually a logical flaw with this (possible for two
response.sendRedirect calls), and that is the root cause of the exception... my
bad! But, the HTTP 500 response incorrectly points to the line number of the
first occurrence of response.sendRedirect, whether it is commented out or not.
This makes debugging quite a pain.

With my recent discovery of the cause of the exception I feel that I set the
severity of this a bit high. I was not sure if it was my place to correct it, so
demote away if you'd like.

Thank you for the swift response!

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message