> From: Larry Isaacs <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: RE: to trim or not to trim (was Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util FileUtil.java)
> 

> 
> The trim() was removed to fix a security vulnerability that can
> occur if the URL ends with ".jsp%20".  This results in the JSP
> being served statically.  See Bugzilla Bug #748.
> 
> Where would valid spaces or CRLF come from?  Perhaps we can look
> for a better place to trim them.  Doing this in patch() means
> that some portions of Tomcat will see a request that is
> technically different from what other portions see.

I will remove the 'trim()' call.

Arieh

> 
> Cheers,
> Larry
> 
> > 
> > Have you seen any problem with the current version ?
> > 
> > Other opinions ?
> > 
> > Thanks,
> > 
> > Arieh
> > 
> > > 
> > > Yoshiyuki Karezaki   [EMAIL PROTECTED]
> > 
> > --
> >  Arieh Markel                               Sun Microsystems Inc.
> >  Network Storage                        500 Eldorado Blvd. MS UBRM11-194
> >  e-mail: [EMAIL PROTECTED]           Broomfield, CO 80021
> >  Pray for snow !!!!                     Phone: (303) 272-8547 x78547
> >  (e-mail me with subject SEND PUBLIC KEY to get public key)
> > 

--
 Arieh Markel                           Sun Microsystems Inc.
 Network Storage                        500 Eldorado Blvd. MS UBRM11-194
 e-mail: [EMAIL PROTECTED]           Broomfield, CO 80021
 Pray for snow !!!!                     Phone: (303) 272-8547 x78547
 (e-mail me with subject SEND PUBLIC KEY to get public key)
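
An added example, not part of the thread and not Tomcat source: a simplified Java model of the mismatch Larry describes, where handler selection sees the decoded path as received while a later cleanup step trims it, so a request ending in ".jsp%20" is treated as a static file yet resolves to the JSP. The class, the method names and the docroot contents are hypothetical.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

// Simplified model of the issue discussed in the thread; not Tomcat code.
// All names here are hypothetical.
public class TrimMismatchDemo {
    // Constructed sample docroot contents.
    static final Set<String> DOCROOT = Set.of("/index.jsp", "/logo.gif");

    // Step 1: the mapper picks a handler from the decoded path as received.
    static String selectHandler(String path) {
        return path.endsWith(".jsp") ? "jsp-servlet" : "static-file";
    }

    // Step 2: a later path-cleanup step. Trimming here changes the path
    // that only this step (and the file lookup after it) sees.
    static String cleanPath(String path, boolean trim) {
        return trim ? path.trim() : path;
    }

    static String dispatch(String rawUri, boolean trimInCleanup) {
        String path = URLDecoder.decode(rawUri, StandardCharsets.UTF_8);
        String handler = selectHandler(path);          // sees "/index.jsp "
        String file = cleanPath(path, trimInCleanup);  // may see "/index.jsp"
        if (!DOCROOT.contains(file)) {
            return "404 not found";
        }
        return handler.equals("jsp-servlet")
            ? "200 executed " + file
            : "200 raw bytes of " + file;  // JSP source would be served as-is
    }

    public static void main(String[] args) {
        String[] uris = {"/index.jsp", "/index.jsp%20", "/logo.gif"};
        for (String uri : uris) {
            System.out.println(uri + " trim=true  -> " + dispatch(uri, true));
            System.out.println(uri + " trim=false -> " + dispatch(uri, false));
        }
    }
}
```

With trimming enabled, the "%20" request reaches the static-file branch for a path that resolves to the JSP; with trimming removed, both steps see the same path and the lookup fails.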
