You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by BugRat Mail System <to...@cortexity.com> on 2000/09/11 13:20:14 UTC
BugRat Report #97 has been filed.
Bug report #97 has just been filed.
You can view the report at the following URL:
<http://znutar.cortexity.com:8888/BugRatViewer/ShowReport/97>
REPORT #97 Details.
Project: Catalina
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: critical
Confidence: public
Environment:
Release: current toplevel CVS source
JVM Release: 1.2
Operating System: solaris
OS Release: 2.7
Platform: sparc
Synopsis:
decoding of URL is never necessary
Description:
In org.apache.tomcat.connector.http.HttpProccessor.java
there is some code that decodes the URI if necessary
as the comment above the code describes it.
Decoding the URL is never necessary but is bug
because it is a violation of the URL / URI formats as described in rfc1738, rfc1630 and rfc2616.
If the URL is decoded the original URL used in the request
can not be reconstructed and the semantics of the URL
changes.
Example: it IS a difference if a slash is used
or a encoded slash is used,
a slash is a hierachy delimiter an encoded slash isn't.
Decoding the URL breaks javax.servlet.HttpUtil.getRequestURL()
and makes servlets unusable that use encoded names in URLs.
Re: BugRat Report #97 has been filed.
Posted by Nick Bauman <ni...@cortexity.com>.
On Mon, 11 Sep 2000, Bernd Eilers wrote:
>
> Hi there !
>
> the included workaround/bugfix information from the bugrep formular
> somehow got lost ;-(
>
It's a bug in BugRat. It _is_ being stored. It just isn't being displayed.
Haven't had time to fix it.
Re: BugRat Report #97 has been filed.
Posted by Bernd Eilers <be...@stardivision.de>.
Hi there !
the included workaround/bugfix information from the bugrep formular
somehow got lost ;-(
Here it is:
delete the URL decoding in the parseRequest method of HttpProcessor.java
by appling the following patch:
682,691d681
< // Perform decoding on the request URI if necessary
< if ((uri.indexOf('%') >= 0) || (uri.indexOf('+') >= 0)) {
< try {
< uri = URLDecoder.decode(uri);
< } catch (Exception e) {
< throw new ServletException
< (sm.getString("httpProcessor.parseRequest.decode"));
< }
< }
<
After appling the above patch corresponing changes should be done in the
Default Servlet and Wevdav Servlet where the request URI is mapped to a
path on the filesystem.
>>>>>>>>>>>>>>>>>> Ursprüngliche Nachricht <<<<<<<<<<<<<<<<<<
Am 11.09.00, 13:20:14, schrieb BugRat Mail System
<to...@cortexity.com> zum Thema BugRat Report #97 has been filed.:
> Bug report #97 has just been filed.
> You can view the report at the following URL:
> <http://znutar.cortexity.com:8888/BugRatViewer/ShowReport/97>
> REPORT #97 Details.
> Project: Catalina
> Category: Bug Report
> SubCategory: New Bug Report
> Class: swbug
> State: received
> Priority: high
> Severity: critical
> Confidence: public
> Environment:
> Release: current toplevel CVS source
> JVM Release: 1.2
> Operating System: solaris
> OS Release: 2.7
> Platform: sparc
> Synopsis:
> decoding of URL is never necessary
> Description:
> In org.apache.tomcat.connector.http.HttpProccessor.java
> there is some code that decodes the URI if necessary
> as the comment above the code describes it.
> Decoding the URL is never necessary but is bug
> because it is a violation of the URL / URI formats as described in
rfc1738, rfc1630 and rfc2616.
> If the URL is decoded the original URL used in the request
> can not be reconstructed and the semantics of the URL
> changes.
> Example: it IS a difference if a slash is used
> or a encoded slash is used,
> a slash is a hierachy delimiter an encoded slash isn't.
> Decoding the URL breaks javax.servlet.HttpUtil.getRequestURL()
> and makes servlets unusable that use encoded names in URLs.