You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "John G (JIRA)" <ji...@apache.org> on 2009/02/03 06:28:59 UTC
[jira] Created: (AXIS2-4229)
org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with
the word "policy" in them.
org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with the word "policy" in them.
---------------------------------------------------------------------------------------------------
Key: AXIS2-4229
URL: https://issues.apache.org/jira/browse/AXIS2-4229
Project: Axis 2.0 (Axis2)
Issue Type: Bug
Components: transports
Affects Versions: 1.2, 1.3, 1.4, 1.4.1
Environment: Linux, but clearly affects all OSes.
Reporter: John G
I have a simple web service that happens to involve policies. Guess what happens when doGet() sees my URL?
https://myserver/mywebapp/services/PolicyService/executePolicy?policyId=123
// From org.apache.axis2.transport.http.AxisServlet ...
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
if ((query != null) && (query.indexOf("wsdl2") >= 0 ||
query.indexOf("wsdl") >= 0 || query.indexOf("xsd") >= 0 ||
query.indexOf("policy") >= 0)) { <=== BUG ====
// handling meta data exchange stuff
agent.processListService(request, response);
....
I can rename my parameter, but the fact that you are searching for an English word ANYWHERE in the query is just wrong, IMHO.
Now I am just worried a customer will use my web service and happen to name something "policy-xyz".
Are there any other reserved words I need to know about?!?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (AXIS2-4229)
org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with
the word "policy" in them.
Posted by "Andreas Veithen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-4229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Veithen reassigned AXIS2-4229:
--------------------------------------
Assignee: Andreas Veithen
> org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with the word "policy" in them.
> ---------------------------------------------------------------------------------------------------
>
> Key: AXIS2-4229
> URL: https://issues.apache.org/jira/browse/AXIS2-4229
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.4.1, 1.4, 1.3, 1.2
> Environment: Linux, but clearly affects all OSes.
> Reporter: John G
> Assignee: Andreas Veithen
>
> I have a simple web service that happens to involve policies. Guess what happens when doGet() sees my URL?
> https://myserver/mywebapp/services/PolicyService/executePolicy?policyId=123
> // From org.apache.axis2.transport.http.AxisServlet ...
> protected void doGet(HttpServletRequest request,
> HttpServletResponse response) throws ServletException, IOException {
> if ((query != null) && (query.indexOf("wsdl2") >= 0 ||
> query.indexOf("wsdl") >= 0 || query.indexOf("xsd") >= 0 ||
> query.indexOf("policy") >= 0)) { <=== BUG ====
> // handling meta data exchange stuff
> agent.processListService(request, response);
> ....
> I can rename my parameter, but the fact that you are searching for an English word ANYWHERE in the query is just wrong, IMHO.
> Now I am just worried a customer will use my web service and happen to name something "policy-xyz".
> Are there any other reserved words I need to know about?!?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AXIS2-4229)
org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with
the word "policy" in them.
Posted by "Andreas Veithen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-4229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12669899#action_12669899 ]
Andreas Veithen commented on AXIS2-4229:
----------------------------------------
This is indeed not acceptable and needs to be fixed.
> org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with the word "policy" in them.
> ---------------------------------------------------------------------------------------------------
>
> Key: AXIS2-4229
> URL: https://issues.apache.org/jira/browse/AXIS2-4229
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.4.1, 1.4, 1.3, 1.2
> Environment: Linux, but clearly affects all OSes.
> Reporter: John G
> Assignee: Andreas Veithen
>
> I have a simple web service that happens to involve policies. Guess what happens when doGet() sees my URL?
> https://myserver/mywebapp/services/PolicyService/executePolicy?policyId=123
> // From org.apache.axis2.transport.http.AxisServlet ...
> protected void doGet(HttpServletRequest request,
> HttpServletResponse response) throws ServletException, IOException {
> if ((query != null) && (query.indexOf("wsdl2") >= 0 ||
> query.indexOf("wsdl") >= 0 || query.indexOf("xsd") >= 0 ||
> query.indexOf("policy") >= 0)) { <=== BUG ====
> // handling meta data exchange stuff
> agent.processListService(request, response);
> ....
> I can rename my parameter, but the fact that you are searching for an English word ANYWHERE in the query is just wrong, IMHO.
> Now I am just worried a customer will use my web service and happen to name something "policy-xyz".
> Are there any other reserved words I need to know about?!?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AXIS2-4229)
org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with
the word "policy" in them.
Posted by "John G (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-4229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12670221#action_12670221 ]
John G commented on AXIS2-4229:
-------------------------------
Wow, that was fast. Thanks! After making a patch jar file, it appears to work.
> org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with the word "policy" in them.
> ---------------------------------------------------------------------------------------------------
>
> Key: AXIS2-4229
> URL: https://issues.apache.org/jira/browse/AXIS2-4229
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.4.1, 1.4, 1.3, 1.2
> Environment: Linux, but clearly affects all OSes.
> Reporter: John G
> Assignee: Andreas Veithen
> Fix For: 1.5
>
>
> I have a simple web service that happens to involve policies. Guess what happens when doGet() sees my URL?
> https://myserver/mywebapp/services/PolicyService/executePolicy?policyId=123
> // From org.apache.axis2.transport.http.AxisServlet ...
> protected void doGet(HttpServletRequest request,
> HttpServletResponse response) throws ServletException, IOException {
> if ((query != null) && (query.indexOf("wsdl2") >= 0 ||
> query.indexOf("wsdl") >= 0 || query.indexOf("xsd") >= 0 ||
> query.indexOf("policy") >= 0)) { <=== BUG ====
> // handling meta data exchange stuff
> agent.processListService(request, response);
> ....
> I can rename my parameter, but the fact that you are searching for an English word ANYWHERE in the query is just wrong, IMHO.
> Now I am just worried a customer will use my web service and happen to name something "policy-xyz".
> Are there any other reserved words I need to know about?!?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (AXIS2-4229)
org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with
the word "policy" in them.
Posted by "Andreas Veithen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-4229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Veithen resolved AXIS2-4229.
------------------------------------
Resolution: Fixed
Fix Version/s: 1.5
Fixed in trunk.
> org.apache.axis2.transport.http.AxisServlet.doGet() mishandles URLs with the word "policy" in them.
> ---------------------------------------------------------------------------------------------------
>
> Key: AXIS2-4229
> URL: https://issues.apache.org/jira/browse/AXIS2-4229
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Components: transports
> Affects Versions: 1.4.1, 1.4, 1.3, 1.2
> Environment: Linux, but clearly affects all OSes.
> Reporter: John G
> Assignee: Andreas Veithen
> Fix For: 1.5
>
>
> I have a simple web service that happens to involve policies. Guess what happens when doGet() sees my URL?
> https://myserver/mywebapp/services/PolicyService/executePolicy?policyId=123
> // From org.apache.axis2.transport.http.AxisServlet ...
> protected void doGet(HttpServletRequest request,
> HttpServletResponse response) throws ServletException, IOException {
> if ((query != null) && (query.indexOf("wsdl2") >= 0 ||
> query.indexOf("wsdl") >= 0 || query.indexOf("xsd") >= 0 ||
> query.indexOf("policy") >= 0)) { <=== BUG ====
> // handling meta data exchange stuff
> agent.processListService(request, response);
> ....
> I can rename my parameter, but the fact that you are searching for an English word ANYWHERE in the query is just wrong, IMHO.
> Now I am just worried a customer will use my web service and happen to name something "policy-xyz".
> Are there any other reserved words I need to know about?!?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.