tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Francois Arcand <jfarc...@apache.org>
Subject Re: Source of JSP returned to user
Date Tue, 28 Oct 2003 17:26:00 GMT
Or download JDK 1.4.2_02 (the bug has been fixed in _02)

-- Jeanfrancois

Larry Isaacs wrote:

>Since JDK 1.4.2 is being used, try the workaround specified
>for (you will need to register to see the bug):
>
><http://developer.java.sun.com/developer/bugParade/bugs/4895132.html>
>
>which is:
>
>    Specify -Dsun.io.useCanonCaches=false to the JVM.
>
>Or, try JDK 1.4.1 which doesn't have the cannon cache feature.
>
>HTH.
>Larry
>
>P.S. Partial bug description from the bug report above:
>
>For an existing file, getCanonicalPath() sometimes can produce
>a pathname whose case doesn't match that of the existing file's pathname.
>This doesn't matter in terms of being able to access the file, but it appears
>that some applications, such as TomCat, depend on getting the correct case.
>Sometimes the answer for the same input is inconsistent.
>
>
>  
>
>>-----Original Message-----
>>From: Jon O'Sullivan [mailto:jon.osullivan@dai.co.uk] 
>>Sent: Tuesday, October 28, 2003 7:32 AM
>>To: 'tomcat-user@jakarta.apache.org'
>>Subject: Source of JSP returned to user
>>
>>
>>
>> Hi,
>> 
>> I have accidentally discovered a way that Tomcat can serve 
>>the source code
>>of a JSP file. 
>> 
>> Running Tomcat 4.1.27 standalone, JDK 1.4.2,  Win XP Pro. 
>>and also Win 2K
>>Server
>>
>> Mostly the default configuration, but using port 80 rather 
>>than 8080. 
>>
>> pointing my browser to http://localhost/examples/jsp/num/numguess.jsp
>>returns the page as expected for the number guess example
>> 
>> but http://localhost/examples/jsp/num/numguess.JSP 
>> and other combinations such as
>>http://localhost/examples/jsp/num/numguess.JSp and
>>http://localhost/examples/jsp/num/numguess.Jsp
>> 
>> give a file download window for the source of numguess.jsp.
>>
>> Is there a workaround for this?
>>
>> Best Regards
>> Jon
>>
>>   
>>
>>
>>______________________________________________________________
>>__________
>>This email has been scanned for all viruses by the MessageLabs Email
>>Security System. For more information on a proactive email security
>>service working around the clock, around the globe, visit
>>http://www.messagelabs.com
>>______________________________________________________________
>>__________
>>
>>    
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message