tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1025785 - /tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java
Date Wed, 20 Oct 2010 22:30:48 GMT
Author: markt
Date: Wed Oct 20 22:30:48 2010
New Revision: 1025785

URL: http://svn.apache.org/viewvc?rev=1025785&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=4227
Update comments to indicate this is no longer an issue

Modified:
    tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java

Modified: tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java?rev=1025785&r1=1025784&r2=1025785&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java Wed Oct 20 22:30:48 2010
@@ -226,8 +226,6 @@ import org.apache.catalina.util.IOTools;
  * <li> Better documentation
  * <li> Confirm use of ServletInputStream.available() in CGIRunner.run() is
  *      not needed
- * <li> Make checking for "." and ".." in servlet & cgi PATH_INFO less
- *      draconian
  * <li> [add more to this TODO list]
  * </ul>
  * </p>
@@ -1522,7 +1520,10 @@ public final class CGIServlet extends Ht
          *             segments</u>:
          *             This implementation does not allow "<code>.</code>" and
          *             "<code>..</code>" in the the path, and such characters
-         *             will result in an IOException being thrown;
+         *             will result in an IOException being thrown (this should
+         *             never happen since Tomcat normalises the requestURI
+         *             before determining the contextPath, servletPath and
+         *             pathInfo);
          *     <LI> <u>Implementation limitations</u>: This implementation
          *             does not impose any limitations except as documented
          *             above.  This implementation may be limited by the



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message