You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ru...@us.ibm.com on 2000/03/14 00:29:32 UTC

Re: cvs commit: jakarta-tomcat/src/examples/WEB-INF/classes /examples ShowSource.java

Ben Laurie wrote:
>
> akv@locus.apache.org wrote:
> >
> > akv         00/03/07 11:53:39
> >
> >   Modified:    src/examples/WEB-INF/classes/examples ShowSource.java
> >   Log:
> >   Fix the fix for the fix again.
>
> I've got to say that this kind of piecemeal path processing is exactly
> what has caused MS's neverending ASP holes. You've got to canonicalise
> paths and then decide whether they are legit.

If you check closer, the "right" fix was placed into
org.apache.tomcat.core.Context.java; and this fix was just to make sure.

Had we discovered this problem ourselves, I would have argued that the fix
to core should have been sufficient, but as this was already noticed
externally, I would prefer to eliminate any margin of error.