You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2014/04/08 15:43:12 UTC
[Bug 56366] New: Use case-insensitive matching in StandardJarScanner
https://issues.apache.org/bugzilla/show_bug.cgi?id=56366
Bug ID: 56366
Summary: Use case-insensitive matching in StandardJarScanner
Product: Tomcat 8
Version: 8.0.5
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: knst.kolinko@gmail.com
>From code review while working on bug 56365, the JAR scanning feature uses
case-sensitive name checks in a number of places:
a) in path.endsWith(Constants.JAR_EXT) check in StandardJarScanner#scan(..)
b) when matching file names in o.a.t.util.file.Matcher
I think it would be better to perform such checks case-insensitively.
(Does this affect QSYS.LIB on AS/400 ?)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 56366] Use case-insensitive matching in StandardJarScanner
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56366
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
OS| |All
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Section 10.5 of the Servlet spec requires that JAR files deployed as part of a
web application have an extension of '.jar'
Tomcat performs all operations relating to static files within web applicaitons
(including JAR files) in a case sensitive manner to avoid security issues
caused by mixing case sensitive and case insensitive matching even on platforms
where the file system is not case sensitive.
Note:
- The JAR file specification explicitly places no limits on the name of a JAR
file.
- File names are case sensitive on most operating systems. Windows is the major
exception.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org