You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by kk...@apache.org on 2012/08/13 04:20:19 UTC

svn commit: r1372242 - /tomcat/tc6.0.x/trunk/STATUS.txt

Author: kkolinko
Date: Mon Aug 13 02:20:18 2012
New Revision: 1372242

URL: http://svn.apache.org/viewvc?rev=1372242&view=rev
Log:
veto. It concerns current Tomcat 7 code (r1370537) as well.

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1372242&r1=1372241&r2=1372242&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Aug 13 02:20:18 2012
@@ -144,7 +144,26 @@ PATCHES PROPOSED TO BACKPORT:
   IDs are being encoded as path parameters.
   http://svn.apache.org/viewvc?rev=1370537&view=rev
   +1: markt, schultz
-  -1:
+  -1: kkolinko:
+     Regarding FormAuthenticator.restoreRequest(..):
+     My -1 is because decodedURI is saved into SavedRequest in #saveRequest(..)
+     but is restored into requestURI field in #restoreRequest(..).
+
+     The following are my concerns:
+     1. The web application protected by FORM auth might have expected path
+     parameters, and now those are lost from requestURI.
+     2. The decodedURI value is url-decoded in CoyoteAdapter.postParseRequest(..),
+     while requestURI is not. Using one for the other changes behaviour.
+
+     3. An issue that exists in the old code as well: I wonder why
+     decodedURI value is not restored by restoreRequest(). It looks like a
+     bug. I think an observable consequence is that o.a.c.connector.Request#toAbsolute()
+     will return different values because of different values of decodedURI.
+
+     The BZ 53584 bug is essentially in matchRequest(..) and I agree that it should
+     be changed to compare decodedURI values.
+     Can SavedRequest store both requestURI and decodedURI values and
+     restore both of them?
 
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53481
   Add support for SSLHonorCipherOrder



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: svn commit: r1372242 - /tomcat/tc6.0.x/trunk/STATUS.txt

Posted by Mark Thomas <ma...@apache.org>.

On 13/08/2012 03:20, kkolinko@apache.org wrote:
> Author: kkolinko
> Date: Mon Aug 13 02:20:18 2012
> New Revision: 1372242
> 
> URL: http://svn.apache.org/viewvc?rev=1372242&view=rev
> Log:
> veto. It concerns current Tomcat 7 code (r1370537) as well.

Fair point. I'll get trunk / 7.0.x fixed and update the proposal later
today.

Mark


> 
> Modified:
>     tomcat/tc6.0.x/trunk/STATUS.txt
> 
> Modified: tomcat/tc6.0.x/trunk/STATUS.txt
> URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1372242&r1=1372241&r2=1372242&view=diff
> ==============================================================================
> --- tomcat/tc6.0.x/trunk/STATUS.txt (original)
> +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Aug 13 02:20:18 2012
> @@ -144,7 +144,26 @@ PATCHES PROPOSED TO BACKPORT:
>    IDs are being encoded as path parameters.
>    http://svn.apache.org/viewvc?rev=1370537&view=rev
>    +1: markt, schultz
> -  -1:
> +  -1: kkolinko:
> +     Regarding FormAuthenticator.restoreRequest(..):
> +     My -1 is because decodedURI is saved into SavedRequest in #saveRequest(..)
> +     but is restored into requestURI field in #restoreRequest(..).
> +
> +     The following are my concerns:
> +     1. The web application protected by FORM auth might have expected path
> +     parameters, and now those are lost from requestURI.
> +     2. The decodedURI value is url-decoded in CoyoteAdapter.postParseRequest(..),
> +     while requestURI is not. Using one for the other changes behaviour.
> +
> +     3. An issue that exists in the old code as well: I wonder why
> +     decodedURI value is not restored by restoreRequest(). It looks like a
> +     bug. I think an observable consequence is that o.a.c.connector.Request#toAbsolute()
> +     will return different values because of different values of decodedURI.
> +
> +     The BZ 53584 bug is essentially in matchRequest(..) and I agree that it should
> +     be changed to compare decodedURI values.
> +     Can SavedRequest store both requestURI and decodedURI values and
> +     restore both of them?
>  
>  * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53481
>    Add support for SSLHonorCipherOrder
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org