You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jmeter-dev@jakarta.apache.org by bu...@apache.org on 2009/02/10 23:56:12 UTC
DO NOT REPLY [Bug 46690] New: handling of 302 redirects with invalid
relative paths
https://issues.apache.org/bugzilla/show_bug.cgi?id=46690
Summary: handling of 302 redirects with invalid relative paths
Product: JMeter
Version: 2.3.2
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: HTTP
AssignedTo: jmeter-dev@jakarta.apache.org
ReportedBy: john.hare@doit.wisc.edu
When JMeter submits the following request:
http://www.website.edu/MasterIncludes/toaspnet.asp?dest=c_tmodule/tm_step1.aspx
And receives a response as follows (note the double "../../"):
HTTP/1.x 302 Object moved
Location:
../../wiscareers_net/tonet.axd?dest=c_tmodule/tm_step1.aspx&id=bbuI5wrZ12Y=&
And it's set to follow redirects, JMeter will follow up with a request
to the URL:
http://www.website.edu/../wiscareers_net/tonet.axd?dest=c_tmodule/tm_step1.aspx&id=bbuI5wrZ12Y=&
Which is an invalid URL.
Real browsers (Firefox, IE, Safari) will redirect to:
http://www.website.edu/wiscareers_net/tonet.axd?dest=c_tmodule/tm_step1.aspx&id=bbuI5wrZ12Y=&
This is an enhancement request such that JMeter will handle these relative URLs
in the same manner as the primary browsers handle them.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-dev-help@jakarta.apache.org
DO NOT REPLY [Bug 46690] handling of 302 redirects with invalid
relative paths
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46690
Sebb <se...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #3 from Sebb <se...@apache.org> 2009-04-03 04:36:01 PST ---
URL: http://svn.apache.org/viewvc?rev=761626&view=rev
Log:
Bug 46690 - handling of 302 redirects with invalid relative paths.
JMeter now removes extraneous leading "../" segments (as do many browsers)
It will be in nightlies after r76162 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=76162 )
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-dev-help@jakarta.apache.org
DO NOT REPLY [Bug 46690] handling of 302 redirects with invalid
relative paths
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46690
Jason Barnabe <ja...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jason.barnabe@gmail.com
--- Comment #1 from Jason Barnabe <ja...@gmail.com> 2009-03-06 12:38:20 PST ---
This is not limited to redirects. It also happens with URLs entered directly
and those loaded via "Retrieve All Embedded Resources from HTML files".
When loading relative URLs, Firefox, IE, and others will resolve to an absolute
URL before making the request, so if you enter "http://example.com/a/..", they
will attempt to load "http://example.com/". JMeter, on the other hand, will
attempt to load "http://example.com/a/..". In this case, both URLs work, so
there's no issue. But in the case of "http://example.com/../", the browsers
will notice the error and correct it to "http://example.com/" before sending,
while JMeter won't and will receive a 400 from the server.
RFC 2396 (http://www.ietf.org/rfc/rfc2396.txt) section 5.2 provided an example
algorithm for resolving relative references.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-dev-help@jakarta.apache.org
DO NOT REPLY [Bug 46690] handling of 302 redirects with invalid
relative paths
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46690
--- Comment #2 from Sebb <se...@apache.org> 2009-04-03 03:45:21 PST ---
JMeter currently uses new URL(baseURL, location) to handle the references.
This behaves correctly according to RFC2396, which states:
5.2.
<snip/>
g) If the resulting buffer string still begins with one or more
complete path segments of "..", then the reference is
considered to be in error. Implementations may handle this
error by retaining these components in the resolved path (i.e.,
treating them as part of the final URI), by removing them from
the resolved path (i.e., discarding relative levels above the
root), or by avoiding traversal of the reference.
Java takes the first option, i.e. it leaves the component in the resolved path.
It seems that browsers take the second option, i.e. discarding extra levels.
JMeter will need to perform further processing to remove any additional
relative levels.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-dev-help@jakarta.apache.org