tomcat-dev mailing list archives

From bugzi...@apache.org
Subject [Bug 53469] possible bug in Response.normalize(CharChunk cc)
Date Mon, 20 Aug 2012 22:29:40 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469

--- Comment #17 from wanshoupu@hotmail.com ---
(In reply to comment #16)
> I have fixed the IAE in trunk and 7.0.x.
> 
> I am leaving this open while I wait for clarification from the Servlet EG as
> to how relative URLs passed to encodeURL should be treated.
> 
> See http://java.net/jira/browse/SERVLET_SPEC-43

Tomcat needs to be patched to catch a normalization failure and simply not
encode the URL in that case.

I totally agree with this solution. Has it been so fixed anywhere?
My web application generated something like this:
https://localhost:3443/vcbs/../../../../../?wicket:interface=:18::::
which absolutely failed the 'within-server-root' test after normalization.

I look forward to this being patched in Tomcat.

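The behaviour requested in the comment above, as an added example that is not part of the original message and is not Tomcat's code: a path normalizer that reports failure when `..` segments climb above the server root, and an encoder that returns the URL unencoded in that case. The class and method names, the session id, and the simplified `;jsessionid=` handling are assumptions, and only absolute URLs are handled.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayDeque;
import java.util.Deque;
// Added illustration, not Tomcat source. Class and method names are hypothetical.
public class SafeEncodeUrlDemo {
    /** Raised when ".." segments would climb above the server root. */
    static class NormalizationException extends Exception {
        NormalizationException(String path) { super("path escapes root: " + path); }
    }

    /** Resolves "." and ".." in an absolute path; fails instead of leaving "/". */
    static String normalize(String path) throws NormalizationException {
        Deque<String> segments = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (!seg.equals("..")) { segments.addLast(seg); continue; }
            if (segments.isEmpty()) throw new NormalizationException(path);
            segments.removeLast();
        }
        StringBuilder out = new StringBuilder();
        for (String seg : segments) out.append('/').append(seg);
        return out.length() == 0 ? "/" : out.toString();
    }

    /** Appends a session id to the path unless the path fails normalization. */
    static String encodeUrl(String url, String sessionId) {
        try {
            String path = new URI(url).getRawPath();
            if (path == null) return url;          // opaque URI, nothing to check
            normalize(path);                        // within-server-root check only
        } catch (URISyntaxException | NormalizationException e) {
            return url;                             // failure: return the URL unencoded
        }
        int cut = url.indexOf('?');
        int hash = url.indexOf('#');
        if (cut < 0 || (hash >= 0 && hash < cut)) cut = hash;
        if (cut < 0) cut = url.length();
        return url.substring(0, cut) + ";jsessionid=" + sessionId + url.substring(cut);
    }

    public static void main(String[] args) {
        String sid = "ABC123"; // constructed session id
        // URL quoted in the message: escapes the root, so it comes back unchanged.
        System.out.println(encodeUrl("https://localhost:3443/vcbs/../../../../../?wicket:interface=:18::::", sid));
        // Constructed URL that stays inside the root: gets the session id.
        System.out.println(encodeUrl("https://localhost:3443/vcbs/a/../page?x=1", sid));
    }
}
```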