tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: request.getPathInfo() gets truncated when ";" is present
Date Fri, 24 Jul 2009 01:49:14 GMT

"Christopher Schultz" <chris@christopherschultz.net> wrote in message 
news:4A68CD5B.2090402@christopherschultz.net...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Peter,
>
> On 7/23/2009 3:41 PM, Peter J. Farrell wrote:
>> /index.cfm/somePathInfo&amp;withMoreInfo/
>
> Shouldn't that be /index.cfm/somePathInfo&amp%3BwithMoreInfo/
>
> ?
>
> If you try the above URL, does it work?
>
> java.net.URLEncoder will encode ";" as "%3B".
>
> See the URL Specification (RFC 1738,
> http://www.ietf.org/rfc/rfc1738.txt), section 2.2 "URL Character
> Encoding Issues
> ":
>
> "
> Many URL schemes reserve certain characters for a special meaning:
> their appearance in the scheme-specific part of the URL has a
> designated semantics. If the character corresponding to an octet is
> reserved in a scheme, the octet must be encoded.  The characters ";",
> "/", "?", ":", "@", "=" and "&" are the characters which may be
> reserved for special meaning within a scheme. No other characters may
> be reserved within a scheme.
> "
>
> The HTTP specification does not specifically say that semi-colons are
> reserved, but perhaps the common interpretation of the URL spec is such
> that semi-colons should always be encoded.
>

Actually it does, just by reference.  Section 3.2.1 of RFC 2616 defers to 
RFC 2396.  And section 3.3 of that RFC gives a special meaning to ';'. 
Tomcat doesn't handle this correctly according the the RFC, but no 
developer/contributor has had enough of an itch to fix it.  But I doubt that 
fixing it would help the OP much.

The fully compliant Tomcat would have to remove anything after a ';' 
(including the ';') up until the next '/' (if any) for the purpose of 
mapping the request.  It should then re-include them in the various parts of 
the request URI (except for ";jsessionid").  So it's a lot of work to 
implement an archane feature that has plenty of work arounds.

> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkpozVsACgkQ9CaO5/Lv0PBnLwCfXFSSIDAnRR0BurRKeS0ub/v9
> 3UYAoJ1gp5oIqnJw2WgHx9LdVzqqAOAI
> =rpT0
> -----END PGP SIGNATURE----- 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message