DO NOT REPLY [Bug 24197] - adding an extra slash in a mod_jk url circumvents tomcat (form) login authentication

bugzilla Sun, 02 Nov 2003 16:27:44 -0800

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24197>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.


http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24197

adding an extra slash in a mod_jk url circumvents tomcat (form) login authentication





------- Additional Comments From [EMAIL PROTECTED]  2003-11-02 23:23 -------
Well, I've done some source tracking in mod_jk 1.2.5. The problem is in
apache-1.3/mod_jk.c:1822. There, a copy of r->uri is made to local pointer
'uri'. All de-double-slashing happens to the copy of r->uri, not to r->uri
itself. I   added ap_no2slash(r->uri); after line 1824 and all went well.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 24197] - adding an extra slash in a mod_jk url circumvents tomcat (form) login authentication

Reply via email to