You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2020/05/25 13:32:56 UTC

[Bug 64470] ALLOW_ENCODED_SLASH property doesn't work with 9.0.35 anymore

https://bz.apache.org/bugzilla/show_bug.cgi?id=64470

Remy Maucherat <re...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Remy Maucherat <re...@apache.org> ---
I thought 9 had kept the system property, but that doesn't seem to be the case
in the code path that is actually used. You should plan to migrate to the new
option though, DECODE corresponds to the old behavior when the system property
was set to true.

Most likely this patch will restore support for the system property, will see
if it's ok to add it back:
--- a/java/org/apache/tomcat/util/buf/UDecoder.java
+++ b/java/org/apache/tomcat/util/buf/UDecoder.java
@@ -140,7 +140,7 @@

                 j+=2;
                 int res=x2c( b1, b2 );
-                if (res == '/') {
+                if (res == '/' && !ALLOW_ENCODED_SLASH) {
                     switch (encodedSolidusHandling) {
                     case DECODE: {
                         buff[idx]=(byte)res;

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org