Sorry, clicked the wrong button. :)

To finish the thought, with the change below, does http://localhost/test%2F/test.jsp still go to Tomcat? Or is it blocked from going to Tomcat because it is a "bad" URL? If it doesn't go to Tomcat, how do we know some other filter in the chain isn't going to serve it statically?

Larry

> -----Original Message-----
> From: Larry Isaacs
> Sent: Tuesday, February 04, 2003 8:17 PM
> To: Tomcat Developers List
> Subject: RE: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
>
> Hi Nacho,
>
> My brain isn't firing on all cylinders at the moment, but this makes me a little nervous. I think some of the problems in the past have been where malicious escaping would prevent requests from being forwarded to Tomcat, and would be served statically.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, February 04, 2003 3:46 PM
> > To: [EMAIL PROTECTED]
> > Subject: cvs commit: jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
> >
> > nacho 2003/02/04 12:45:50
> >
> > Modified: jk/native2/server/isapi jk_isapi_plugin.c
> > Log:
> > Fix for Bug#16759 ISAPI_REDIRECTOR Handles %2F improperly
> >
> > Now a uri considered not valid or bad by jk2 is passed down the filter chain, so letting the server continue processing, also relaxed logging to info as they are not errors anymore.
> >
> > Revision Changes Path
> > 1.54 +10 -6 jakarta-tomcat-connectors/jk/native2/server/isapi/jk_isapi_plugin.c
> >
> > Index: jk_isapi_plugin.c > > > =================================================================== > > RCS file: > > /home/cvs/jakarta-tomcat-connectors/jk/native2/server/isapi/jk > > _isapi_plugin.c,v > > retrieving revision 1.53 > > retrieving revision 1.54 > > diff -u -r1.53 -r1.54 > > --- jk_isapi_plugin.c 4 Feb 2003 07:44:23 -0000 1.53 > > +++ jk_isapi_plugin.c 4 Feb 2003 20:45:49 -0000 1.54 
> > @@ -316,20 +316,24 @@ > > > > rc = jk_requtil_unescapeUrl(uri); > > if (rc == BAD_REQUEST) { > > - env->l->jkLog(env, env->l, JK_LOG_ERROR, > > + env->l->jkLog(env, env->l, JK_LOG_INFO, > > "HttpFilterProc [%s] contains > > one or more invalid escape sequences.\n", > > uri); > > - write_error_response(pfc,"400 Bad > > Request", HTML_ERROR_400); > > + // XXX: Let any other filter process > > the request, > > + // if they take any security > > measure or not doesnt matter. > > + // write_error_response(pfc,"400 Bad > > Request", HTML_ERROR_400); > > workerEnv->globalEnv->releaseEnv( > > workerEnv->globalEnv, env ); > > - return SF_STATUS_REQ_FINISHED; > > + return SF_STATUS_REQ_NEXT_NOTIFICATION; > > } > > else if(rc == BAD_PATH) { > > - env->l->jkLog(env, env->l, JK_LOG_EMERG, > > + env->l->jkLog(env, env->l, JK_LOG_INFO, > > "HttpFilterProc [%s] contains > > forbidden escape sequences.\n", > > uri); > > - write_error_response(pfc,"403 > > Forbidden", HTML_ERROR_403); > > + // XXX: Let any other filter process > > the request, > > + // if they take any security > > measure or not doesnt matter. > > + // write_error_response(pfc,"403 > > Forbidden", HTML_ERROR_403); > > workerEnv->globalEnv->releaseEnv( > > workerEnv->globalEnv, env ); > > - return SF_STATUS_REQ_FINISHED; > > + return SF_STATUS_REQ_NEXT_NOTIFICATION; > > } > > jk_requtil_getParents(uri); > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
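
Review bot: In both the BAD_REQUEST and BAD_PATH branches, returning SF_STATUS_REQ_NEXT_NOTIFICATION with write_error_response commented out makes the filter fail open: a URI that jk_requtil_unescapeUrl has just classified as carrying invalid or forbidden escape sequences is no longer rejected here, and whether it is rejected at all now depends on whatever processes the request next. The added comment ("if they take any security measure or not doesnt matter") asserts that this is safe without saying why. If such a URI would have mapped to a Tomcat context once decoded, something else may now answer for it, which is the concern raised in the reply above. I would keep the 403 and SF_STATUS_REQ_FINISHED at least for BAD_PATH, or pass the request on only after confirming that it does not match any jk2 URI mapping. Dropping both messages to JK_LOG_INFO (from JK_LOG_ERROR and JK_LOG_EMERG) also hides requests an operator would want to see, so a warning level would fit better if this logger has one. The commented-out write_error_response calls should be deleted rather than left in place.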