You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2012/08/13 04:20:19 UTC
svn commit: r1372242 - /tomcat/tc6.0.x/trunk/STATUS.txt
Author: kkolinko
Date: Mon Aug 13 02:20:18 2012
New Revision: 1372242
URL: http://svn.apache.org/viewvc?rev=1372242&view=rev
Log:
veto. It concerns current Tomcat 7 code (r1370537) as well.
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1372242&r1=1372241&r2=1372242&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Aug 13 02:20:18 2012
@@ -144,7 +144,26 @@ PATCHES PROPOSED TO BACKPORT:
IDs are being encoded as path parameters.
http://svn.apache.org/viewvc?rev=1370537&view=rev
+1: markt, schultz
- -1:
+ -1: kkolinko:
+ Regarding FormAuthenticator.restoreRequest(..):
+ My -1 is because decodedURI is saved into SavedRequest in #saveRequest(..)
+ but is restored into requestURI field in #restoreRequest(..).
+
+ The following are my concerns:
+ 1. The web application protected by FORM auth might have expected path
+ parameters, and now those are lost from requestURI.
+ 2. The decodedURI value is url-decoded in CoyoteAdapter.postParseRequest(..),
+ while requestURI is not. Using one for the other changes behaviour.
+
+ 3. An issue that exists in the old code as well: I wonder why
+ decodedURI value is not restored by restoreRequest(). It looks like a
+ bug. I think an observable consequence is that o.a.c.connector.Request#toAbsolute()
+ will return different values because of different values of decodedURI.
+
+ The BZ 53584 bug is essentially in matchRequest(..) and I agree that it should
+ be changed to compare decodedURI values.
+ Can SavedRequest store both requestURI and decodedURI values and
+ restore both of them?
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53481
Add support for SSLHonorCipherOrder
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: svn commit: r1372242 - /tomcat/tc6.0.x/trunk/STATUS.txt
Posted by Mark Thomas <ma...@apache.org>.
On 13/08/2012 03:20, kkolinko@apache.org wrote:
> Author: kkolinko
> Date: Mon Aug 13 02:20:18 2012
> New Revision: 1372242
>
> URL: http://svn.apache.org/viewvc?rev=1372242&view=rev
> Log:
> veto. It concerns current Tomcat 7 code (r1370537) as well.
Fair point. I'll get trunk / 7.0.x fixed and update the proposal later
today.
Mark
>
> Modified:
> tomcat/tc6.0.x/trunk/STATUS.txt
>
> Modified: tomcat/tc6.0.x/trunk/STATUS.txt
> URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1372242&r1=1372241&r2=1372242&view=diff
> ==============================================================================
> --- tomcat/tc6.0.x/trunk/STATUS.txt (original)
> +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Aug 13 02:20:18 2012
> @@ -144,7 +144,26 @@ PATCHES PROPOSED TO BACKPORT:
> IDs are being encoded as path parameters.
> http://svn.apache.org/viewvc?rev=1370537&view=rev
> +1: markt, schultz
> - -1:
> + -1: kkolinko:
> + Regarding FormAuthenticator.restoreRequest(..):
> + My -1 is because decodedURI is saved into SavedRequest in #saveRequest(..)
> + but is restored into requestURI field in #restoreRequest(..).
> +
> + The following are my concerns:
> + 1. The web application protected by FORM auth might have expected path
> + parameters, and now those are lost from requestURI.
> + 2. The decodedURI value is url-decoded in CoyoteAdapter.postParseRequest(..),
> + while requestURI is not. Using one for the other changes behaviour.
> +
> + 3. An issue that exists in the old code as well: I wonder why
> + decodedURI value is not restored by restoreRequest(). It looks like a
> + bug. I think an observable consequence is that o.a.c.connector.Request#toAbsolute()
> + will return different values because of different values of decodedURI.
> +
> + The BZ 53584 bug is essentially in matchRequest(..) and I agree that it should
> + be changed to compare decodedURI values.
> + Can SavedRequest store both requestURI and decodedURI values and
> + restore both of them?
>
> * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53481
> Add support for SSLHonorCipherOrder
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org