On Sat, 31 May 2003 06:37, Michenaud Laurent wrote:
> I can't find any documentation about the parameter useURIValidationHack.

        // Additional URI normalization and validation is needed for security
        // reasons on Tomcat 4.0.x
        if (connector.getUseURIValidationHack()) {
            String uri = validate(request.getRequestURI());
            if (uri == null) {
                res.setStatus(400);
                res.setMessage("Invalid URI");
                throw new IOException("Invalid URI");
            } else {
                req.requestURI().setString(uri);
                // Redoing the URI decoding
                req.decodedURI().duplicate(req.requestURI());
                req.getURLDecoder().convert(req.decodedURI(), true);
            }
        }

I'm guessing this is because of the ServletInvoker security exploit, either 
that or another one that was in earlier 4.0 versions, maybe one of the 
development types on the list will be able to shine more light on the 
subject.

Regards,
-- 
Jason Bainbridge
KDE Web Team - http://kde.org 
[EMAIL PROTECTED] 
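
An added illustration, not part of the original message and not Tomcat's own validate() implementation: a Java sketch of the normalize-or-reject contract the quoted snippet relies on, where a null result is what leads to the 400 "Invalid URI" response. The class name, the set of rejected encodings and the sample URIs are assumptions made for this example.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Locale;

public class UriValidationSketch {

    // Hypothetical stand-in for the validate() call in the snippet above:
    // returns a normalized path, or null when the URI must be rejected.
    static String validate(String uri) {
        if (uri == null || !uri.startsWith("/")) {
            return null;
        }
        // Assumption: reject encoded '%', '/', '.' and '\' so that the later
        // URL-decoding pass cannot reintroduce separators or dot segments.
        String upper = uri.toUpperCase(Locale.ROOT);
        for (String enc : new String[] {"%25", "%2F", "%2E", "%5C"}) {
            if (upper.contains(enc)) {
                return null;
            }
        }
        Deque<String> segments = new ArrayDeque<>();
        for (String seg : uri.replace('\\', '/').split("/")) {
            if (seg.isEmpty() || seg.equals(".")) {
                continue;                 // collapses "//" and "/./"
            }
            if (seg.equals("..")) {
                if (segments.isEmpty()) {
                    return null;          // would climb above the root
                }
                segments.removeLast();
            } else {
                segments.addLast(seg);
            }
        }
        String path = "/" + String.join("/", segments);
        return uri.endsWith("/") && path.length() > 1 ? path + "/" : path;
    }

    public static void main(String[] args) {
        // Constructed sample request URIs.
        String[] samples = {"/app/./a//b/../index.jsp", "/app/../../WEB-INF/web.xml",
                            "/app/%2e%2e/secret", "/app\\..\\x", "/app/dir/"};
        for (String s : samples) {
            String v = validate(s);
            System.out.println(s + " -> " + (v == null ? "400 Invalid URI" : v));
        }
    }
}
```

The point of doing this before the "Redoing the URI decoding" step is that every later path comparison then sees a single canonical form of the request URI.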
