gt; >
> > I think we should leave Tomcat as it currently is in 3.2.3. If
> you need to
> > pass data to a servlet in the URL and that data *must not* be
> susceptible to
> > URL normalization then the data *must* be in the query string.
> >
> > Marc Saegesser
lization then the data *must* be in the query string.
>
> Marc Saegesser
>
> > -Original Message-
> > From: Jason Hunter [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, August 27, 2001 8:45 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Tomcat 3.2.3 and getPath
ust* be in the query string.
Marc Saegesser
> -Original Message-
> From: Jason Hunter [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 27, 2001 8:45 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Tomcat 3.2.3 and getPathInfo
>
>
> Marc Saegesser wrote:
> >
&
Marc Saegesser wrote:
>
> Using Apache 1.3.19 here's what I see. Apache does normalize the URL but
> there is a small difference between what it does and what Tomcat does.
> Apache does not remove multiple adjacent / characters. For example,
>
> http://server/cgi-bin/script/fu/bar --> PATH_INF
;m still waiting to hear back from the servlet expert group about
whether the normalization plans are going into the specification.
Marc Saegesser
> -Original Message-
> From: Jason Hunter [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 27, 2001 12:25 AM
> To: [EMAIL PROTECTE
On Sun, Aug 26, 2001 at 10:24:30PM -0700, Jason Hunter wrote:
> So what does the Apache Web Server do for PATH_INFO on a request to
> http://foo.com/cgi-bin/somecgi/http://extra.com?
Ask for /index.html/http://extra.com with httpd-2.0, it strips out the
second /.
(gdb) print r->path_info
$5 = 0x
> > > This is even worse because we also won't allow the URL to be
> > encoded like
> > >
> > > http://localhost:8080/servlet/SnoopServlet/http:%2F%2Ffubar
> > >
> > > because we make some rather draconian precautions to ensure that nastily
> > > encoded URLs can't obtain access to protected resou
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 24, 2001 11:50 AM
> To: '[EMAIL PROTECTED]'
> Cc: [EMAIL PROTECTED]
> Subject: RE: Tomcat 3.2.3 and getPathInfo
>
>
> On Fri, 24 Aug 2001, Larry Is
On Fri, 24 Aug 2001, Larry Isaacs wrote:
> In case in matters, RFC 1630 states that:
>
> PATH
>
> The rest of the URI follows the colon in a format
> depending on the scheme. The path is interpreted
> in a manner dependent on the protocol being used.
> However, when it c
On Thu, 23 Aug 2001, Jason Hunter wrote:
> Hmm... I wonder if Tomcat has the right to make illegal what HTTP would
> allow?
My understanding is that a URL _can_ be transformed - and all servers are
normalizing it before matching.
The problem is that the servlet spec defines the mappings in a ve
ssage-
> From: Marc Saegesser [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 24, 2001 9:24 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: Tomcat 3.2.3 and getPathInfo
>
>
> Comments in line.
>
>
> Marc Saegesser
>
> > -Origi
Comments in line.
Marc Saegesser
> -Original Message-
> From: Jason Hunter [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 23, 2001 11:32 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: Tomcat 3.2.3 and getPathInfo
>
>
> Marc Saegesser
Marc Saegesser wrote:
>
> I just tried this using the SnoopServlet that ships with Tomcat using a URL
> like
>
> http://localhost:8080/servlet/SnoopServlet/http://fubar
>
> and got
>
> /http:/fubar
>
> as the path info. Your description makes it look like your losing http: in
> addition to t
:[EMAIL PROTECTED]]
> Sent: Thursday, August 23, 2001 5:00 PM
> To: [EMAIL PROTECTED]
> Subject: Tomcat 3.2.3 and getPathInfo
>
>
> It seems that Tomcat 3.2.3 has a bug (a regression) that hits my book's
> Example 5-5. See:
>
> http://www.servlets.com/jservlet2/exampl
It seems that Tomcat 3.2.3 has a bug (a regression) that hits my book's
Example 5-5. See:
http://www.servlets.com/jservlet2/examples/ch05/index.html#ex05_05
The bug is that for the following URL:
http://www.servlets.com/jservlet2/examples/ch05/goto/http://www.servlets.com
the goto servlet sho
15 matches
Mail list logo
