[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.

2016-07-19 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115

--- Comment #9 from Marco  ---
This option is in all Internet Explorer Version (8,9,10,11) for local and
trusted networks present. The entry name is " Include local directory path when
uploading files to a server". This entry is default enabled for trusted
networks.
I don't need this information. But when the "\" character is removed i has no
chance to extract the correct filename.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Buffer overflow in jk_connect.c::nb_connect

2016-07-19 Thread Rainer Jung 

Am 19.07.2016 um 00:20 schrieb Christopher Schultz:

On 7/18/16 5:48 PM, Rainer Jung wrote:

Am 18.07.2016 um 17:02 schrieb Christopher Schultz:

All,

Michael Deiner found a buffer overflow in the call to FD_SET macro on
line 291 of jk_connect.c:

280>   do {
281>rc = connect(sd, (const struct sockaddr *)>sa.sin,
addr->salen);
282>} while (rc == -1 && errno == EINTR);
283>
284>if ((rc == -1) && (errno == EINPROGRESS || errno == EALREADY)
285>   && (timeout > 0)) {
286>fd_set wfdset;
287>struct timeval tv;
288>socklen_t rclen = (socklen_t)sizeof(rc);
289>
290>FD_ZERO();
*291>FD_SET(sd, );*
292>tv.tv_sec = timeout / 1000;
293>tv.tv_usec = (timeout % 1000) * 1000;
294>rc = select(sd + 1, NULL, , NULL, );

I'd like to fix this so it won't bring-down the server :)

But it quickly gets complicated.

The method itself takes "sd" (a jk_sock_t) as an argument to the
function, and we can check immediately whether it will cause FD_SET to
overflow -- easy: just check to see if the value is too large -- but
what should we do in that case?

This function should be connecting to a back-end Tomcat server, but if
we have too many outbound connections, we'll fail.

I'm not sure it makes any sense to let things get this far.

The proposed solution[1] is to use poll() instead of select(), but that
won't work on every platform, plus I'd like to be able to fix the buffer
overflow right away while we work-out a solution for poll() that will
work in most environments.

I think if the connection_pool_size exceeds FD_SETSIZE we should refuse
to start. Any other behavior will eventually cause errors.


+1 in principal. Unfortunately on Windows it seems the default for
FD_SETSIZE is only 64. That's probably too small but it seems it is
allowed on Windows to increase this limit during compilation:


The variable FD_SETSIZE determines the maximum number of descriptors in
a set. (The default value of FD_SETSIZE is 64, which can be modified by
defining FD_SETSIZE to another value before including Winsock2.h.)
Internally, socket handles in an fd_set structure are not represented as
bit flags as in Berkeley Unix. Their data representation is opaque.



That's ... weird. Okay.


So we should IMHO aim for

a) check connection pool size against FD_SETSIZE and fail during startup
if too big - or we decrease it to the max value and log a warning?


On *NIX, that value cannot reasonably be changed. I think we need to
make all our decisions at compile-time and fail-fast at runtime.


Yes, with "decrease it" I meant decreasing the configured pool size, 
just as you assumed below.



Lowering to a reasonable maximum value is probably okay. I'm not sure
which would be worse: requiring the administrator to fix a configuration
problem before the server can even start (imagine a server that's been
working for years without this config, now it requires some change) or
auto-reconfiguring based upon a value the admin hasn't set.

Actually... in cases where this would have affected users, the result
would have been that everything is fine until there is a buffer
overflow. Hopefully, the buffer overflow is fatal, but it might not be.

So, lowering to a smaller value if connection_pool_size is too big
sounds good to me. Log with severity=WARN is a good option for notification.


b) define 1024 as the compile time FD_SETSIZE on Windows (same value as
the default e.g. on Linux and on 32 Bit Solaris). We already use 250 as
the default connection pool size.


+1


c) allow to increase FD_SETSIZE when building on Windows because it is
supported there.


+1

We probably want something like JK_FD_SETSIZE defaults to 1024 and then
FD_SETSIZE = JK_FD_SETSIZE in the build. I have absolutely no idea how
on earth to do that for our Windows builds.


d) use the existing macro HAVE_POLL to offer a poll based code path if
poll was detected.


I don't think HAVE_POLL is any kind of standard. I poked-around my
Debian Linux environment and HAVE_POLL was defined in a number of header
files, but it was unconditionally-defined to be "1" in files such as
postgresql/pg_config.h, so I think the package-maintainers must have
just said "this system has poll.h, let's just set HAVE_POLL=1 and call
it a day".


It is a define that our mod_jk build system sets when configure is used 
and detects during the configure run, that poll() is available. This 
define is already used in common/jk_connect.c at some places and could 
be used in nb_connect() as well. It only makes sense for platforms where 
configure is being run, ie. not on Windows and Netware, but nb_connect() 
already has different implementation lines for the three platform types 
(Windows, Netware, *Nix).


Using poll() if HAVE_POLL is defined (ie. poll() is available), gives us 
a clean solution on most platforms except Windows, and if we allow to 
increase the FD_SETSIZE on Windows (and choose a sane default ourselves) 
people

[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.

2016-07-19 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115

--- Comment #8 from Konstantin Kolinko  ---
Sending full file path is a rather odd and insecure behaviour. Is this IE 11
not up-to-date, or does this behaviour depend on its security settings (e.g.
server being in trusted network)?

Some links

https://tools.ietf.org/html/rfc6266
https://tools.ietf.org/html/rfc1867
https://www.w3.org/TR/2014/REC-html5-20141028/forms.html#file-upload-state-(type=file)
http://commons.apache.org/proper/commons-fileupload/

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Tomcat Wiki] Update of "FrontPage" by KonstantinKolinko

2016-07-19 Thread Konstantin Kolinko 
2016-07-19 15:08 GMT+03:00 Mark Thomas :
> On 19/07/2016 13:57, Apache Wiki wrote:
>> Dear Wiki user,
>>
>> You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for 
>> change notification.
>>
>> The "FrontPage" page has been changed by KonstantinKolinko:
>> https://wiki.apache.org/tomcat/FrontPage?action=diff=38=39
>>
>> Comment:
>> Use HTTPS url for the image, so that Firefox (47.0.1) does not complain 
>> about an insecure page when accessing wiki with https://
>>
>>   ##language:en
>>   = Welcome to the Apache Tomcat Wiki =
>> - {{http://tomcat.apache.org/images/tomcat.gif}}
>> + {{https://tomcat.apache.org/images/tomcat.gif}}
>
> Protocol relative //tomcat.apache.org/...
>
> Might a better option.
>

Thank you. I tried, but MoinMoin does not recognize such syntax in {{
}} as an image.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Tomcat Wiki] Update of "Specifications" by KonstantinKolinko

2016-07-19 Thread Apache Wiki 
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "Specifications" page has been changed by KonstantinKolinko:
https://wiki.apache.org/tomcat/Specifications?action=diff=41=42

Comment:
Add link to RFC 6266

  
  === Related Specifications ===
  
- || [[http://tools.ietf.org/html/rfc2617|RFC 2617]] || "HTTP Authentication: 
Basic and Digest Access Authentication"<>It covers BASIC and DIGEST 
authentication methods<>It was updated by 
[[http://tools.ietf.org/html/rfc7235|RFC 7235]]. ||
+ || [[http://tools.ietf.org/html/rfc2617|RFC 2617]] || "HTTP Authentication: 
Basic and Digest Access Authentication"<>It covers BASIC and DIGEST 
authentication methods<><>It was updated by 
[[http://tools.ietf.org/html/rfc7235|RFC 7235]]. ||
  || [[https://tools.ietf.org/html/rfc6265|RFC 6265]] || "HTTP State Management 
Mechanism"<>The specification about cookies. Implemented by 
[[http://tomcat.apache.org/tomcat-8.0-doc/config/cookie-processor.html | 
org.apache.tomcat.util.http.Rfc6265CookieProcessor]] that is available since 
Tomcat 8.0.15 and is default with Tomcat 8.5.0 onwards. See also "Cookies" page 
in [[Development|"Development Issues"]].<><>Obsolete specifications: 
[[https://tools.ietf.org/html/rfc2109|RFC2109]], 
[[https://tools.ietf.org/html/rfc2965|RFC 2965]]. ||
+ || [[https://tools.ietf.org/html/rfc6266|RFC 6266]] || "Use of the 
Content-Disposition Header Field in the Hypertext Transfer Protocol 
(HTTP)"<>Content-Disposition header is used by file uploads. See also 
[[https://bz.apache.org/bugzilla/show_bug.cgi?id=59115#c5|Bug 59115]] ||
  
  == AJP ==
  

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Tomcat Wiki] Update of "Specifications" by KonstantinKolinko

2016-07-19 Thread Apache Wiki 
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "Specifications" page has been changed by KonstantinKolinko:
https://wiki.apache.org/tomcat/Specifications?action=diff=40=41

Comment:
Add link to Cookies RFC.

  === Related Specifications ===
  
  || [[http://tools.ietf.org/html/rfc2617|RFC 2617]] || "HTTP Authentication: 
Basic and Digest Access Authentication"<>It covers BASIC and DIGEST 
authentication methods<>It was updated by 
[[http://tools.ietf.org/html/rfc7235|RFC 7235]]. ||
+ || [[https://tools.ietf.org/html/rfc6265|RFC 6265]] || "HTTP State Management 
Mechanism"<>The specification about cookies. Implemented by 
[[http://tomcat.apache.org/tomcat-8.0-doc/config/cookie-processor.html | 
org.apache.tomcat.util.http.Rfc6265CookieProcessor]] that is available since 
Tomcat 8.0.15 and is default with Tomcat 8.5.0 onwards. See also "Cookies" page 
in [[Development|"Development Issues"]].<><>Obsolete specifications: 
[[https://tools.ietf.org/html/rfc2109|RFC2109]], 
[[https://tools.ietf.org/html/rfc2965|RFC 2965]]. ||
  
  == AJP ==
  

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Tomcat Wiki] Update of "FrontPage" by KonstantinKolinko

2016-07-19 Thread Mark Thomas 
On 19/07/2016 13:57, Apache Wiki wrote:
> Dear Wiki user,
> 
> You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for 
> change notification.
> 
> The "FrontPage" page has been changed by KonstantinKolinko:
> https://wiki.apache.org/tomcat/FrontPage?action=diff=38=39
> 
> Comment:
> Use HTTPS url for the image, so that Firefox (47.0.1) does not complain about 
> an insecure page when accessing wiki with https://
> 
>   ##language:en
>   = Welcome to the Apache Tomcat Wiki =
> - {{http://tomcat.apache.org/images/tomcat.gif}}
> + {{https://tomcat.apache.org/images/tomcat.gif}}

Protocol relative //tomcat.apache.org/...

Might a better option.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Tomcat Wiki] Update of "FrontPage" by KonstantinKolinko

2016-07-19 Thread Apache Wiki 
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "FrontPage" page has been changed by KonstantinKolinko:
https://wiki.apache.org/tomcat/FrontPage?action=diff=38=39

Comment:
Use HTTPS url for the image, so that Firefox (47.0.1) does not complain about 
an insecure page when accessing wiki with https://

  ##language:en
  = Welcome to the Apache Tomcat Wiki =
- {{http://tomcat.apache.org/images/tomcat.gif}}
+ {{https://tomcat.apache.org/images/tomcat.gif}}
  
  This is the Wiki for Apache Tomcat, a Servlet and Java Server Pages container 
developed under the Apache License. The main documentation for this product is 
at [[http://tomcat.apache.org|tomcat.apache.org]]. Below is a list of some 
useful pages: we encourage everyone to contribute to these pages or start new 
ones as desired. But before you do, please check out the main documentation 
site as well as the [[FAQ]] and the 
[[http://tomcat.apache.org/lists.html|mailing lists]] (whose archives are 
searchable).
  

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1753366 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/valves/rewrite/ResolverImpl.java webapps/docs/changelog.xml

2016-07-19 Thread remm 
Author: remm
Date: Tue Jul 19 11:28:17 2016
New Revision: 1753366

URL: http://svn.apache.org/viewvc?rev=1753366=rev
Log:
Compatibility with rewrite from httpd for non existing headers

Modified:
tomcat/tc8.0.x/trunk/   (props changed)

tomcat/tc8.0.x/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Jul 19 11:28:17 2016
@@ -1,2 +1,2 @@
 
/tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452

svn commit: r1753365 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/valves/rewrite/ResolverImpl.java webapps/docs/changelog.xml

2016-07-19 Thread remm 
Author: remm
Date: Tue Jul 19 11:25:19 2016
New Revision: 1753365

URL: http://svn.apache.org/viewvc?rev=1753365=rev
Log:
Compatibility with rewrite from httpd for non existing headers

Modified:
tomcat/tc8.5.x/trunk/   (props changed)

tomcat/tc8.5.x/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Jul 19 11:25:19 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747
 
924,1747980,1747993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373,1749465,1749506,1749508,1749665-1749666,1749763,1749865-1749866,1749898,1749978,1749980,1750011,1750015,1750056,1750480,1750617,1750634,1750692,1750697,1750700,1750703,1750707,1750714,1750718,1750723,1750899,1750975,1750995,1751061,1751097,1751438,1751447,1751463,1751702,1752212,1752737,1752745
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745083,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745473,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747

svn commit: r1753363 - in /tomcat/trunk: java/org/apache/catalina/valves/rewrite/ResolverImpl.java webapps/docs/changelog.xml

2016-07-19 Thread remm 
Author: remm
Date: Tue Jul 19 11:20:34 2016
New Revision: 1753363

URL: http://svn.apache.org/viewvc?rev=1753363=rev
Log:
Cleanup.

Modified:
tomcat/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java?rev=1753363=1753362=1753363=diff
==
--- tomcat/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java Tue 
Jul 19 11:20:34 2016
@@ -143,10 +143,11 @@ public class ResolverImpl extends Resolv
 @Override
 public String resolveHttp(String key) {
 String header = request.getHeader(key);
-if (header == null)
-return ""; 
-else
+if (header == null) {
+return "";
+} else {
 return header;
+}
 }
 
 @Override

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1753363=1753362=1753363=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Jul 19 11:20:34 2016
@@ -58,6 +58,10 @@
 unexpected initialisation thread and if initilisation is not 
thread-safe
 the initialisation can then fail. (markt)
   
+  
+Compatibility with rewrite from httpd for non existing headers.
+(jfclere)
+  
 
   
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59115] Part#getSubmittedFileName doesn't work corretly with double quotes in filenames.

2016-07-19 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59115

Mark Thomas  changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution|--- |FIXED

--- Comment #7 from Mark Thomas  ---
IE 11 is not specification compliant. As per comment #5, you'll need to raise a
bug with Microsoft in the first instance. In the meantime, you can manually
parse the header yourself with custom rules for IE11 if you need that
information.

If Microsoft refuse to fix the bug then you should open a new enhancement
request for Tomcat to apply special handling in this case. There is no
guarantee that such an enhancement request will be implemented. The Tomcat team
generally does not implement work-arounds for bugs in third-party code.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1753358 - /tomcat/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java

2016-07-19 Thread jfclere 
Author: jfclere
Date: Tue Jul 19 09:39:07 2016
New Revision: 1753358

URL: http://svn.apache.org/viewvc?rev=1753358=rev
Log:
It is possible to test for null but for "".
So:
RewriteCond %{HTTP:proxy} .+
RewriteRule  .* - [F]
Now works lik in mod_rewrite.

Modified:
tomcat/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java

Modified: tomcat/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java?rev=1753358=1753357=1753358=diff
==
--- tomcat/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/valves/rewrite/ResolverImpl.java Tue 
Jul 19 09:39:07 2016
@@ -142,7 +142,11 @@ public class ResolverImpl extends Resolv
 
 @Override
 public String resolveHttp(String key) {
-return request.getHeader(key);
+String header = request.getHeader(key);
+if (header == null)
+return ""; 
+else
+return header;
 }
 
 @Override



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59868] HTMLManager's output of host name and IP address is misleading

2016-07-19 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59868

--- Comment #9 from Remy Maucherat  ---
I wasn't fine with changing the output to something like
request.getLocalName(). I am fine with a clarification but it did seem
intuitive enough at this point.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org