Posted to dev@tomcat.apache.org by bu...@apache.org on 2012/08/21 00:29:40 UTC
[Bug 53469] possible bug in Response.normalize(CharChunk cc)
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #17 from wanshoupu@hotmail.com ---
(In reply to comment #16)
> I have fixed the IAE in trunk and 7.0.x.
>
> I am leaving this open while I wait for clarification from the Servlet EG as
> to how relative URLs passed to encodeURL should be treated.
>
> See http://java.net/jira/browse/SERVLET_SPEC-43
Tomcat needs to be patched to catch a normalization failure and simply not
encode the URL in that case.
I totally agree with this solution. Has it been so fixed anywhere?
My web application generated something like this:
https://localhost:3443/vcbs/../../../../../?wicket:interface=:18::::
which absolutely failed the 'within-server-root' test after normalization.
I look forward to this being patched in Tomcat.
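
The behaviour requested in this comment (catch the normalization failure and return the URL unencoded), as an added example that is not part of the original message and is not Tomcat's code. The class, the `normalize` and `encodeUrl` helpers and the session id are hypothetical; only absolute URLs are handled, since the treatment of relative URLs is the open question in this thread.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class SafeEncodeUrl {
    // Hypothetical helper: resolves "." and ".."; returns null when ".." climbs above the root.
    static String normalize(String path) {
        Deque<String> stack = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) {
                if (stack.isEmpty()) return null;   // would leave the server root
                stack.removeLast();
            } else {
                stack.addLast(seg);
            }
        }
        StringBuilder sb = new StringBuilder();
        for (String seg : stack) sb.append('/').append(seg);
        if (sb.length() == 0 || path.endsWith("/")) sb.append('/');
        return sb.toString();
    }

    // Hypothetical helper: adds the session path parameter only if the path normalizes.
    static String encodeUrl(String url, String sessionId) {
        int cut = url.length();                      // start of query or fragment
        for (char c : new char[] {'?', '#'}) {
            int i = url.indexOf(c);
            if (i >= 0 && i < cut) cut = i;
        }
        String beforeQuery = url.substring(0, cut);
        int scheme = beforeQuery.indexOf("://");
        int pathStart = scheme < 0 ? 0 : beforeQuery.indexOf('/', scheme + 3);
        String path = pathStart < 0 ? "/" : beforeQuery.substring(pathStart);
        if (normalize(path) == null) {
            return url;                              // normalization failed: do not encode
        }
        return beforeQuery + ";jsessionid=" + sessionId + url.substring(cut);
    }

    public static void main(String[] args) {
        String sid = "CONSTRUCTED0SESSION0ID";       // constructed sample value
        // URL quoted in the comment: climbs above the root, so it comes back unchanged.
        System.out.println(encodeUrl(
            "https://localhost:3443/vcbs/../../../../../?wicket:interface=:18::::", sid));
        // Constructed URL that stays inside the root: the session id is inserted.
        System.out.println(encodeUrl("https://localhost:3443/vcbs/app/../home?x=1", sid));
    }
}
```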