Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm RealmBase.java

Fri, 12 Dec 2003 01:40:25 -0800 

----- Original Message ----- 
From: "Remy Maucherat" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Thursday, December 11, 2003 11:55 PM
Subject: Re: cvs commit:
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/realm
RealmBase.java


> Remy Maucherat wrote:
>
> > Bill Barker wrote:
> >
> >> N.B. The Filter mapping code looks broken to me.  It looks like if I
> >> have a
> >> mapping for a url-pattern '*.jsp' that has
> >> <dispatcher>INCLUDE</dispatcher>,
> >> then it will incorrectly match a <jsp:include page="header.jspf" />.
> >>
> >> However, I haven't actually tested it. :).
> >
> >
> > I think there's an extra check for that case (this problem existed
> > previously). I'll check.
>
> I confirm that revision 1.10 of the filter factory fixed this.
>
> RCS file:
>
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/cor
e/ApplicationFilterFactory.java,v
> retrieving revision 1.9
> retrieving revision 1.10
> diff -r1.9 -r1.10
> 292c292,294
> <                 && (period != requestPath.length() - 1)) {
> ---
>  >                 && (period != requestPath.length() - 1)
>  >                 && ((requestPath.length() - period)
>  >                     == (testPath.length() - 1))) {
>
> So it compares the two extensions length, and was bug 22546.
>

So it does.  Apologies for misreading the code (and wasting your time).  And
it seems that through the magic of cut-and-paste, I've got the exact same
logic in the current security-constraint code ;).

> Rémy
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


This message is intended only for the use of the person(s) listed above as the 
intended recipient(s), and may contain information that is PRIVILEGED and 
CONFIDENTIAL.  If you are not an intended recipient, you may not read, copy, or 
distribute this message or any attachment. If you received this communication in 
error, please notify us immediately by e-mail and then delete all copies of this 
message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the 
Internet is not secure. Do not send confidential or sensitive information, such as 
social security numbers, account numbers, personal identification numbers and 
passwords, to us via ordinary (unencrypted) e-mail.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to