tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: tomcat 6.0 404 error only on firefox due to backslashes?
Date Thu, 10 Jun 2010 16:18:04 GMT
mamalacation wrote:
> 
> 
> Pid * wrote:
>>
>> Why not just fix the URLs?
>>
>> p
>>
>>  
>>
> 
> I am not sure what you mean by saying "fix the URLs", but in the meantime I
> found out how to set the option org.apache.catalina.connector.
> CoyoteAdapter.ALLOW_BACKSLASH=true in conf/catalina.properties, so now it
> almost works! It starts downloading the file, but the filename to be saved
> is path\to\file.ext  instead of file.ext.
> 
> Does anybody know how this can be fixed?

No. But before you find a "solution" and create a big security issue, I 
suggest that from now on you check this with different browsers, and 
particularly different IE versions.

I think that the "fix" you found is really a kludge, in that it kind of 
works by making some pieces of software believe that this is an 
acceptable file name, while other pieces may see this as a file path.
But it seems *really* dangerous to me.

As pid indicated, you should fix the problem, not the symptom.
Or you will end up sorry, I am quite certain.

Fixing the URLs in this case means to replace the %5C's (escaped \) by 
escaped "/" characters, before you send the links to the browser.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message