Posted to dev@tomcat.apache.org by ma...@apache.org on 2007/01/14 03:45:49 UTC
svn commit: r496022 - in /tomcat:
container/tc5.5.x/webapps/docs/changelog.xml
jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
Author: markt
Date: Sat Jan 13 18:45:48 2007
New Revision: 496022
URL: http://svn.apache.org/viewvc?view=rev&rev=496022
Log:
Fix bug 41327. Show full request URI for a 404. Patch provided by Vijay.
Modified:
tomcat/container/tc5.5.x/webapps/docs/changelog.xml
tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
Modified: tomcat/container/tc5.5.x/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/webapps/docs/changelog.xml?view=diff&rev=496022&r1=496021&r2=496022
==============================================================================
--- tomcat/container/tc5.5.x/webapps/docs/changelog.xml (original)
+++ tomcat/container/tc5.5.x/webapps/docs/changelog.xml Sat Jan 13 18:45:48 2007
@@ -228,6 +228,10 @@
<subsection name="Jasper">
<changelog>
<fix>
+ <bug>39975</bug>: don't have static Log references to prevent
+ classloader leaks. (yoavs)
+ </fix>
+ <fix>
<bug>40797</bug>: This was a regression as a result of the fix for
<bug>33407</bug>. TLD validation was failing as a result of the use
of the escape character (0x1b) as a temporary replacement for \$.
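Review bot: the 39975 entry added at the top of this list is a move of an existing entry (the same text is deleted further down in this file), which is unrelated to bug 41327 and is not mentioned in the log message. Either note the reordering in the log or commit it separately so the 41327 change stands alone.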
@@ -238,15 +242,16 @@
<bug>41057</bug>: Make jsp:plugin output XHTML compliant. (markt)
</fix>
<fix>
+ <bug>41327</bug>: Show full URI for a 404. Patch provided by Vijay.
+ (markt)
+ </fix>
+ <fix>
When displaying JSP source after an exception, handle included files.
(markt)
</fix>
<fix>
Display the JSP source when a compilation error occurs and display
the correct line number rather than start of a scriptlet block. (markt)
- </fix>
- <fix>
- <bug>39975</bug>: don't have static Log references to prevent classloader leaks. (yoavs)
</fix>
</changelog>
</subsection>
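Review bot: the new 41327 entry says "Show full URI for a 404" without saying where; the code change is to the message JspServlet passes to sendError when the JSP resource is missing, so wording such as "Show the full request URI in the 404 message for a missing JSP" would tell readers which 404 responses are affected.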
Modified: tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
URL: http://svn.apache.org/viewvc/tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java?view=diff&rev=496022&r1=496021&r2=496022
==============================================================================
--- tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java (original)
+++ tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java Sat Jan 13 18:45:48 2007
@@ -301,7 +301,7 @@
// creating unnecessary directories and files.
if (null == context.getResource(jspUri)) {
response.sendError(HttpServletResponse.SC_NOT_FOUND,
- jspUri);
+ request.getRequestURI());
return;
}
boolean isErrorPage = exception != null;
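Review bot: the new sendError argument, request.getRequestURI(), is client-controlled and is not decoded by the container, so this call site now depends on whatever renders the error message to escape it. The thread points to RequestUtil.filter(response.getMessage()) in ErrorReportValve as doing that; a short comment above sendError stating that dependency would keep a later change to error rendering from turning this into reflected markup.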
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r496022 - in /tomcat: container/tc5.5.x/webapps/docs/changelog.xml
jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
Posted by Mark Thomas <ma...@apache.org>.
Tim Funk wrote:
> Sweet - I thought that was the case. [But wanted to make sure.]
>
> -Tim
Better safe than sorry ;)
Mark
Re: svn commit: r496022 - in /tomcat: container/tc5.5.x/webapps/docs/changelog.xml
jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
Posted by Tim Funk <fu...@joedog.org>.
Sweet - I thought that was the case. [But wanted to make sure.]
-Tim
Mark Thomas wrote:
> Tim Funk wrote:
>> Is this screaming XSS attack?
>>
>> Since javadocs in getRequestURI() say ... "The web container does not
>> decode this String"
>
> It would be if it wasn't for line 177 of o.a.c.valves.ErrorReportValve
> which does:
> String message = RequestUtil.filter(response.getMessage());
>
Re: svn commit: r496022 - in /tomcat: container/tc5.5.x/webapps/docs/changelog.xml
jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
Posted by Mark Thomas <ma...@apache.org>.
Tim Funk wrote:
> Is this screaming XSS attack?
>
> Since javadocs in getRequestURI() say ... "The web container does not
> decode this String"
It would be if it wasn't for line 177 of o.a.c.valves.ErrorReportValve
which does:
String message = RequestUtil.filter(response.getMessage());
Mark
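Added example, not part of the original message and not Tomcat source: a small Java sketch of why escaping the sendError message at render time makes the undecoded request URI safe to display. The filter() method is a stand-in for RequestUtil.filter(), and renderReport(), its page layout and the sample URIs are assumptions constructed for illustration.

```java
public class ErrorMessageEscaping {

    // Stand-in for RequestUtil.filter(): replace the characters that are
    // significant in HTML text and attribute values with entities.
    static String filter(String message) {
        if (message == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(message.length() + 16);
        for (int i = 0; i < message.length(); i++) {
            char c = message.charAt(i);
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical renderer for the error report body (layout is assumed).
    // The escape flag only exists to show both outcomes side by side.
    static String renderReport(int status, String message, boolean escape) {
        String shown = escape ? filter(message) : message;
        return "<html><body><h1>HTTP Status " + status + " - " + shown
                + "</h1></body></html>";
    }

    public static void main(String[] args) {
        // Constructed samples. getRequestURI() is not decoded by the
        // container, so each string reaches sendError() exactly as sent.
        String[] requestUris = {
            "/app/<b>missing</b>.jsp",        // markup characters sent raw
            "/app/%3Cb%3Emissing%3C/b%3E.jsp" // same path, percent-encoded
        };
        for (String uri : requestUris) {
            System.out.println("raw message: " + renderReport(404, uri, false));
            System.out.println("filtered:    " + renderReport(404, uri, true));
        }
    }
}
```

Only the first sample changes under filter(); the percent-encoded one contains no HTML-significant characters because the container left it undecoded.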
Re: svn commit: r496022 - in /tomcat: container/tc5.5.x/webapps/docs/changelog.xml
jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
Posted by Tim Funk <fu...@joedog.org>.
Is this screaming XSS attack?
Since javadocs in getRequestURI() say ... "The web container does not
decode this String"
-Tim
markt@apache.org wrote:
> Author: markt
> Date: Sat Jan 13 18:45:48 2007
> New Revision: 496022
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=496022
>
> Modified: tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
> URL: http://svn.apache.org/viewvc/tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java?view=diff&rev=496022&r1=496021&r2=496022
> ==============================================================================
> --- tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java (original)
> +++ tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java Sat Jan 13 18:45:48 2007
> @@ -301,7 +301,7 @@
> // creating unnecessary directories and files.
> if (null == context.getResource(jspUri)) {
> response.sendError(HttpServletResponse.SC_NOT_FOUND,
> - jspUri);
> + request.getRequestURI());
> return;
> }
> boolean isErrorPage = exception != null;
>
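Review bot: on the added line, request.getRequestURI() returns the path as the client sent it, still percent-encoded and without the query string, so "full request URI" in the log message overstates what the 404 will show. Consider wording the log and changelog as "request URI", or add a comment at the call that the query string is intentionally left out.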