You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2017/02/27 17:54:22 UTC
[Bug 60781] New: Access Log Valve does not escape the same as
mod_log_config
https://bz.apache.org/bugzilla/show_bug.cgi?id=60781
Bug ID: 60781
Summary: Access Log Valve does not escape the same as
mod_log_config
Product: Tomcat 8
Version: 8.5.11
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: james@howeswho.co.uk
Target Milestone: ----
It is my understanding that the log format is supposed to match apache2.
However, escaping is not the same.
As a concrete example, if there is a " in the User-Agent and you use the
combined format, apache2 gives
127.0.0.1 - - [27/Feb/2017:14:31:48 +0000] "GET / HTTP/1.1" 401 17277 "-"
"Agent \"Test\""
While Tomcat gives
127.0.0.1 - - [27/Feb/2017:14:31:48 +0000] "GET / HTTP/1.1" 401 17277 "-"
"Agent "Test""
The latter cannot be parsed safely.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60781] Access Log Valve does not escape the same as
mod_log_config
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60781
--- Comment #1 from Felix Schumacher <fe...@internetallee.de> ---
Created attachment 34787
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34787&action=edit
Escape characters like httpd
I am not sure about the correct handling of chars with values out of the ASCII
range. I believe they are double encoded now.
But quotes and alike should be escaped correctly.
My first thought was to combine this escaping with ExtendedAccessLogValve, but
it seems, that the quotes are explicitly coded as "" instead of \".
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60781] Access Log Valve does not escape the same as
mod_log_config
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60781
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #4 from Mark Thomas <ma...@apache.org> ---
Fixed in:
- 10.0.x for 10.0.1 onwards
- 9.0.x for 9.0.42 onwards
- 8.5.x for 8.5.62 onwards
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60781] Access Log Valve does not escape the same as
mod_log_config
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60781
Felix Schumacher <fe...@internetallee.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #34787|0 |1
is obsolete| |
--- Comment #2 from Felix Schumacher <fe...@internetallee.de> ---
Created attachment 34788
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34788&action=edit
Escape characters like httpd
Use ISO-8859-1 to decode String into bytes.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60781] Access Log Valve does not escape the same as
mod_log_config
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60781
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Using Felix's patch as a starting point, I've put together this PR:
https://github.com/apache/tomcat/pull/384
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org