Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/10/25 13:30:37 UTC
DO NOT REPLY [Bug 13969] New: - ':' in parameter breaks encodeURL() and encodeRedirectURL()
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13969
Summary: ':' in parameter breaks encodeURL() and encodeRedirectURL()
Product: Tomcat 4
Version: 4.1.10
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: boris@folgmann.de
A DESCRIPTION OF THE PROBLEM :
The ':' character is not encoded properly by encodeURL() or
redirectURL(). In fact it seems to confuse the method a lot.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Try this inside a JSP:
<% response.sendRedirect(response.encodeRedirectURL("bug.jsp?ready=Saturday 04:30")); %>
2. Load the page in your browser
3. See the totally wrongly encoded URL in the address field
EXPECTED VERSUS ACTUAL BEHAVIOR :
The above URL should be encoded to:
http://localhost:8081/bug.jsp?ready=Saturday%2004%3A30
In fact it's encoded to:
http://localhost:8081/bug.jsp?ready=saturday%2004:?ready=Saturday%2004:30
RESULTING PROBLEMS:
With this more or less destroyed URL the redirect or an <a href=""> doesn't work
if a ':' is passed through a CGI parameter. Problems get even worse if you have
to rely on the sessionid in the URL.
REPRODUCIBILITY :
This bug can be reproduced always.
Try this demo.jsp:
<%@page contentType="text/html"%>
<% response.sendRedirect(response.encodeRedirectURL("bug.jsp?ready=Saturday 04:30")); %>
JDK:
java version "1.4.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1-b21)
Java HotSpot(TM) Client VM (build 1.4.1-b21, mixed mode)
Java 2 Enterprise Edition version 1.3.1, build 1.3.1-b17
OPERATING SYSTEM:
Red Hat Linux release 8.0 (Psyche)
Linux 2.4.18-17.8.0 #1 Tue Oct 8 13:51:08 EDT 2002 i686 i686 i386 GNU/Linux
glibc-2.2.93-5
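Added example, not part of the original report or of Tomcat's code: percent-encoding each query parameter before the URL string is built, so that the string handed to encodeRedirectURL() contains no raw ':' or space. For the value in the report it yields the query string listed above as expected (ready=Saturday%2004%3A30). The class and method names (RedirectTarget, encodeComponent, build) are hypothetical.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class RedirectTarget {

    // Percent-encode one query component. URLEncoder produces form encoding,
    // where a space becomes '+'. A literal '+' in the input is emitted as
    // %2B, so rewriting '+' to %20 afterwards is unambiguous.
    static String encodeComponent(String s) throws UnsupportedEncodingException {
        return URLEncoder.encode(s, "UTF-8").replace("+", "%20");
    }

    // Build "path?name=value&..." with every name and value encoded.
    // The path itself is assumed to be a fixed, trusted string.
    static String build(String path, Map<String, String> params)
            throws UnsupportedEncodingException {
        StringBuilder url = new StringBuilder(path);
        char sep = '?';
        for (Map.Entry<String, String> p : params.entrySet()) {
            url.append(sep)
               .append(encodeComponent(p.getKey()))
               .append('=')
               .append(encodeComponent(p.getValue()));
            sep = '&';
        }
        return url.toString();
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("ready", "Saturday 04:30"); // parameter value from the report
        String target = build("bug.jsp", params);
        System.out.println(target);
        // In the JSP, the encoded string is what gets passed on:
        // response.sendRedirect(response.encodeRedirectURL(target));
    }
}
```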