> I had a few spare minutes so I went ahead and grabbed last night's build. > > I ran it on Red Hat Linux 7.2 and can confirm the report. > > Requesting foo.jsp%00.txt gets you the source. > > Requesting foo.jsp%00 gets you a strange page that includes some html > widgets and some of the jsp source too. Surprising (at least to me) and > ugly.
Thanks. Since the problem is real, I've put in a fix (it will return 400 the way 4.0.x does). I'm not sure why it happens though. I think because the file extension is ".jsp\0", it gets mapped to the default servlet, which would then attempt to serve the resource. On Windows, I was getting a 404, so my guess is that it was trying to get 'foo.jsp\0' (and failing correctly), while on Unix the file would be found (somehow). Remy -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
