From: Christopher Schultz
To: Tomcat Users List
Date: Fri, 02 Nov 2007 14:30:40 -0400
Subject: Paths containing %2F instead of /
Message-ID: <472B6CD0.2080301@christopherschultz.net>

All,

One of the unit tests is failing in the securityfilter project which uses Tomcat (5.5) and httpunit for the tests themselves. Basically, a test written a loooong time ago seems to be failing after the fix for a bug which involves decoding of %2F in a URL into a '/'.

Either through mod_jk or directly to Tomcat's HTTP connector, now, any request that has a / replaced with a %2F will not work. I'm pretty sure this was a security fix.

I was wondering if anyone could explain what the initial problem was, why this was "fixed" and if it makes any sense for me to try to fix this test in any meaningful way, or if it should be simply removed.

(And yes, I have read this: http://tomcat.apache.org/security-5.html#Fixed in Apache Tomcat 5.5.22, 5.0.SVN. I still don't get it... shouldn't it work properly when using the HTTP connector?)

Thanks,
-chris