Hi,

2015-04-21 5:29 GMT+02:00 Sergiu Dumitriu <[email protected]>:

> On 04/04/2015 01:46 AM, Eduard Moraru wrote:
> >
> > IMO, the ID (if this is what you refer to as resource name) should always
> > be between 2 "/"es. If the resource name contains a "/" itself, then it
> > should be URL escaped by the caller.
>
> Don't forget that escaped / is not allowed in URLs by default by both
> HTTPD and Tomcat.
>

As there can be both / and \ in the page name, this security feature has
to be always disabled (for Tomcat it's
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true), so this
shouldn't matter anyway.


-- 
Best Regards

Lukáš Raška
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
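
Added example, not part of the original thread or of XWiki's code: once the container accepts encoded slashes, as the message above describes, the application has to keep segment boundaries itself by splitting the raw path on literal "/" before decoding. The `/<space>/<page>/` layout, the function names and the sample page name are assumptions made for illustration.

```python
from urllib.parse import quote, unquote


def build_path(space, page_name):
    """Caller side: escape every reserved character, including "/" and "\\"."""
    # safe="" makes quote() encode "/" as %2F instead of leaving it literal.
    return "/{}/{}/".format(quote(space, safe=""), quote(page_name, safe=""))


def parse_path(raw_path):
    """Server side: split on literal "/" first, then decode each segment once."""
    decoded = [unquote(seg) for seg in raw_path.split("/") if seg]
    for seg in decoded:
        # An encoded dot segment (%2E%2E) only becomes visible after decoding,
        # so it is rejected here rather than by path normalisation upstream.
        if seg in (".", ".."):
            raise ValueError("dot segment in decoded path")
    # Decoded segments are identifiers; they must not be joined into a
    # filesystem path, since they may now contain "/" or "\\".
    return decoded


def decode_then_split(raw_path):
    """Wrong order, shown for contrast: decoding first loses the boundaries."""
    return [seg for seg in unquote(raw_path).split("/") if seg]


if __name__ == "__main__":
    # Constructed sample: a page name containing both "/" and "\".
    path = build_path("Main", "a/b\\c")
    print(path)
    print(parse_path(path))
    print(decode_then_split(path))
```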
