Hi Bill,
billbarker02/04/16 22:49:59
Modified:catalina/src/share/org/apache/catalina/core
ApplicationHttpRequest.java
catalina/src/share/org/apache/catalina/servlets
DefaultServlet.java
Log:
Attempt to port the
, but the problem and proposed
fix are too complex to explain in just a few lines.
Best regards
Andreas Junghans
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Hi Remy,
As I stated in the comments of the bug, I don't agree with your
interpretation about the JSP displaying code.
Sorry again for not making myself clear. To put it exact (I hope ...):
There are cases in complex include/forward scenarios where Tomcat serves
JSPs as static resources. So
Hi Remy,
I actually tried the test case (I guess I should have tried it before
...),
and it didn't do what I thought it would do. This does not qualify as a
security issue by my book, though (it is recommended to test your
application before putting it in production).
Now I have a simple
. Until now, I've only added an attribute for the servlet path (and not
path info etc.) and a check for it in JspServlet.
Thanks for your time
Andreas Junghans
PS Maybe this bug is also present in Tomcat 3.3 (haven't tested that).
bugtest.war
Description: Binary data
--
To unsubscribe, e
would be
better. Does it help using PureTLS?
Best regards
Andreas Junghans
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
think you can sell img../ (or other html tags) to Jasper as custom
tags without a namespace prefix: xyz:img.../. And this looks _really_
ugly!
Best regards
Andreas Junghans
PS Sorry for being so lengthy, it's a bad habit of mine ...
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED
Hi Bojan,
you can use JavaMail for that. Below is a code snippet that extracts all the
parts of the form data (probably could need some cleanup though). I don't
know if this solution works under all circumstances, but we're using it
regularly with no problems so far.
Best regards
Andreas
are raised when calling methods like sendRedirect() afterwards).
Although this is highly unlikely, you have to simulate these effects in
your wrapper if you want to be _absolutely_ sure your application runs in
every container.
Regards
Andreas Junghans
--
To unsubscribe, e-mail: mailto
.(FH) Andreas Junghans
Steinbeis-Transferzentrum Industrielle Datenverarbeitung und Automation
Moltkestrasse 30 - 76133 Karlsruhe
Fon.: +49-721-925-1485 --- Fax: +49-721-925-1488
email: [EMAIL PROTECTED] (privat: [EMAIL PROTECTED
10 matches
Mail list logo