[Bug 61201] CGIServlet adds too much to the SCRIPT_NAME environment variable if script followed by extra path

[bu...@apache.org]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61201

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Hmm. The CGI servlet isn't designed to be mapped that way. I'm a little
surprised it even worked.

The docs aren't clear on what is expected to work and what isn't.

The script finding logic appears depend on what sort of mapping is used. The
new getHttpServletMapping() in Servlet 4.0 may enable a wider range of mappings
to be supported.

I need to dig into this some more. At the moment, the minimum I anticipate
doing is:
- documented which mapping styles are supported and which are not
- updating the checks in 9.0.x (and 8.5.x since the Servlet 4.0 functionality
is back-ported) to reject requests using unsupported mapping types.

At best, I'll add support for all mapping types and document each.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org