You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Phil Hanna <au...@philhanna.com> on 2000/05/18 03:58:34 UTC
Partial fix for URL rewriting bug in HttpServletResponseFacade.java
The isEncodeable() method compares two URL's component-wise, including port number. However, the java.net.URL getHost() method correctly returns -1 for the default port when it is not specified. request.getServerPort() return 80. This results in a mismatch where one should not occur.
My patch converts -1 to the default value of 80 in both cases before the comparison.
Note: This doesn't fix the encodeURL() problem that occurs when cookies are turned off. Is there some reason why the jsessionid is encoded with ";" instead of "?"? JRun treats the session ID parameter like any other parameter, and it seems to work fine.
P.S.: Is bugzilla still down? Is tomcat-dev the preferred place to submit patches in the meantime?
--- HttpServletResponseFacade.java Sat May 13 20:21:38 2000
+++ HttpServletResponseFacade.java.new Wed May 17 21:46:42 2000
@@ -297,7 +297,13 @@
return (false);
if (!request.getServerName().equalsIgnoreCase(url.getHost()))
return (false);
- if (request.getServerPort() != url.getPort())
+ int serverPort = (request.getServerPort() == -1)
+ ? 80
+ : request.getServerPort();
+ int urlPort = (url.getPort() == -1)
+ ? 80
+ : url.getPort();
+ if (serverPort != urlPort)
return (false);
String contextPath = request.getContext().getPath();
if ((contextPath != null) && (contextPath.length() > 0)) {
Re: Partial fix for URL rewriting bug in HttpServletResponseFacade.java
Posted by Hans Bergsten <ha...@gefionsoftware.com>.
Phil Hanna wrote:
> [...]
> Note: This doesn't fix the encodeURL() problem that occurs when cookies are
> turned off. Is there some reason why the jsessionid is encoded with ";"
> instead of "?"? JRun treats the session ID parameter like any other parameter,
> and it seems to work fine.
The reason is that jsessionid is a "path parameter" (the term used in the HTTP
spec) as opposed to a regular query string parameter, exactly as specified in
the Servlet 2.2 spec. Using a query string parameter for the session ID doesn't
work in all cases, such as if you encode the URL for a <img src> tag and use an
image map (some browsers just adds "?x=12&y=34" query string params, creating an
invalid URL like "/myimage.gif?jsessionid=1234?x=12&y=34"), or when you encode
a URL like "/foo.jsp?foo=bar" (ends up as "/foo.bar?jsessionid=1234?foo=bar").
JRun is, in other words, wrong. I sent them a bug report about this a while
back but I'm not sure if it's fixed in JRun 3.0.
Hans
--
Hans Bergsten hans@gefionsoftware.com
Gefion Software http://www.gefionsoftware.com