https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #17 from Michael Osipov ---
Guys, where is the explanation for the WONTFIX status?
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #16 from Guido Jäkel ---
(In reply to Mark Thomas from comment #15)
> Please stop changing the resolution of this issue. The correct resolution is
> WONTFIX.
Sorry, but I don't change it by intention.
(In reply to Guido Jäkel
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
Mark Thomas changed:
What|Removed |Added
Resolution|FIXED |WONTFIX
--- Comment #15 from Mark
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #14 from Rainer Jung ---
(In reply to Mark Thomas from comment #9)
> What you are asking for is logically impossible. If mod_jk sees the sequence
> "%2F" it has no way to determine if this is the result of decoding "%252F"
> or not
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #13 from Guido Jäkel ---
(In reply to Rainer Jung from comment #11)
> Hi Guido,
>
> I didn't have the time to follow the discussion in detail, but would using
>
> AllowEncodedSlashes NoDecode
>
> help in any way?
>
Dear
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #12 from Guido Jäkel ---
Dear Mark,
I am missing something important about the "directory traversal": If
"AllowEncodedSlashes NoEncode" and "JkOptions +ForwardURICompatUnparsed" are set, then
with the example setup, the URI
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #11 from Rainer Jung ---
Hi Guido,
I didn't have the time to follow the discussion in detail, but would using
AllowEncodedSlashes NoDecode
help in any way?
I think we as just one module can not simply define our special
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
Guido Jäkel changed:
What|Removed |Added
Resolution|WONTFIX |FIXED
--- Comment #10 from Guido Jäkel
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
Mark Thomas changed:
What|Removed |Added
Resolution|FIXED |WONTFIX
--- Comment #9 from Mark Thomas
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
Guido Jäkel changed:
What|Removed |Added
Resolution|WONTFIX |FIXED
--- Comment #8 from Guido Jäkel
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
Mark Thomas changed:
What|Removed |Added
Resolution|--- |WONTFIX
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #6 from Guido Jäkel ---
(In reply to Mark Thomas from comment #5)
> Thanks. I see what you are trying to do now. This is going to be an
> interesting problem to solve. I suspect that it will require fixes / changes
> in multiple
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #5 from Mark Thomas ---
Thanks. I see what you are trying to do now. This is going to be an interesting
problem to solve. I suspect that it will require fixes / changes in multiple
components.
For those following along, take a
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #4 from Guido Jäkel ---
(In reply to Mark Thomas from comment #3)
> Can you please provide an example of a URI presented by a client that
> demonstrates this issue.
Dear Mark,
A real world example is
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #3 from Mark Thomas ---
Can you please provide an example of a URI presented by a client that
demonstrates this issue.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #2 from Guido Jäkel ---
Created attachment 35991
--> https://bz.apache.org/bugzilla/attachment.cgi?id=35991&action=edit
proposed patch to avoid double encoding of an encoded slash
I propose the attached patch. It will skip over the
https://bz.apache.org/bugzilla/show_bug.cgi?id=62459
--- Comment #1 from Guido Jäkel ---
I think the issue has to be handled within native/common/jk_url.c, L.116ff.,
in function jk_canonenc().
Here, the percent sign isn't in "allowed", therefore it will be escaped.
But concerning the issue,