> I found the handleContextNotFound method that also outputs HTML code
> in ContextManager.java (but I don't know whether this method is used in the
> current version).
> 

I committed this fix.  Thanks for letting us know.

> >    class RedirectHandler extends ServletWrapper {
> >   @@ -459,7 +460,7 @@
> >         append("</h1>\r\n").
> >         
> append(sm.getString("defaulterrorpage.thisdocumenthasmoved")).
> >         append(" <a href=\"").
> >   -     append(location).
> >   +     append(RequestUtil.filter(location)).
> >         append("\">here</a>.<p>\r\n</body>\r\n");
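
Review bot: On the changed line `append(RequestUtil.filter(location))`, the value is written into a double-quoted `href` attribute, so the filter must escape `"` as well as `<`, `>` and `&`; its body is not visible in this hunk, so confirm that it does and add a test with a location containing a double quote. HTML-escaping is the right encoding for this output context even when the location is already URL-encoded, because a `&` separating query parameters still has to be written as `&amp;` inside the attribute.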
> 
> This "location" variable is used as the href attribute value of an "a"
> element. In general, URL encoding is done instead of HTML encoding(?).
> 

The "location" is supposed to already be encoded, so encoding again
would do harm.  If it is encoded, RequestUtil.filter() shouldn't
need to change anything, so I didn't change this one.

Cheers,
Larry
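
The URL-encoding versus HTML-encoding question in this thread, as an added example that is not part of the original messages or of Tomcat's code. `htmlEscape` is a hypothetical stand-in for an HTML filter (not `RequestUtil.filter()` itself), and both sample locations are constructed.

```java
import java.net.URLEncoder;

public class HrefEncodingDemo {

    // Hypothetical HTML filter for this example; NOT Tomcat's RequestUtil.filter().
    static String htmlEscape(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    // Same shape as the link in the quoted hunk, with the escape applied.
    static String link(String location) {
        return "<a href=\"" + htmlEscape(location) + "\">here</a>";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: query value percent-encoded before the redirect.
        String encoded = "/app/next?q=" + URLEncoder.encode("a \"b\" <c>", "UTF-8") + "&page=2";
        // Constructed sample: the same value left unencoded by the caller.
        String raw = "/app/next?q=a \"b\" <c>&page=2";

        // The percent-encoded form has no <, > or " left; only '&' is rewritten,
        // and '%' is untouched, so nothing is double-encoded.
        System.out.println(encoded + "  ->  " + link(encoded));

        // The unencoded form would close the attribute at the first quote
        // without the escape; with it, the quote becomes &quot;.
        System.out.println(raw + "  ->  " + link(raw));

        // Decoding the entity gives back the exact URL the browser requests.
        String href = htmlEscape(encoded).replace("&amp;", "&");
        System.out.println("round trip intact: " + href.equals(encoded));
    }
}
```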
