IIRC, HttpServletRequest.getQueryString() should provide the query
string you desire.
-Tim
Bill Higgins wrote:
On Tue, Apr 28, 2009 at 3:19 AM, Mark Thomas <ma...@apache.org> wrote:
Bill Higgins wrote:
We have a servlet that acts as a proxy to other URLs from different
origins. E.g. via your web app you could get to the Google home page
via a URL like:
http://localhost/myapp/proxy/http%3A%2F%2Fwww.google.com%2F
Using this URL pattern, we immediately hit the Tomcat "noSlash"
restriction (Directory traversal CVE-2007-0450) and in order for our
proxy to work we have to set the environment variable
org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH to true.
A better workaround might be to pass the required URL as a query parameter.
Thanks for the idea. Although this breaks our current users, we're
still in an early enough phase of development that they will probably
be able to contain it.
The only technical downside of this technique that I can see is that
there appears to be no way to get the encoded content of a request
parameter. When using the path, I could use
HttpServletRequest.html#getRequestURI to get the encoded (or
un-decoded) form of the URI but I see no similar capability for
request parameters - any ideas?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
