Howdy,
>From org.apache.coyote.tomcat4.CoyoteAdapter:
// Additional URI normalization and validation is needed for
security
// reasons on Tomcat 4.0.x
if (connector.getUseURIValidationHack()) {
String uri = validate(request.getRequestURI());
if (uri == null) {
res.setStatus(400);
res.setMessage("Invalid URI");
throw new IOException("Invalid URI");
} else {
req.requestURI().setString(uri);
// Redoing the URI decoding
req.decodedURI().duplicate(req.requestURI());
req.getURLDecoder().convert(req.decodedURI(), true);
}
}
Obviously you have to look at the complete source code to find out more,
speicifically what the validate() method does. I didn't want to post
the whole source here ;)
Yoav Shapira
Millennium ChemInformatics
>-----Original Message-----
>From: Euan Guttridge [mailto:[EMAIL PROTECTED]
>Sent: Friday, June 20, 2003 5:11 AM
>To: '[EMAIL PROTECTED]'
>Subject: useURIValidationHack
>
>What is the connector param "useURIValidationHack"? I cannot find in
>documentation.
>
>Also can anyone point me to a description of diffs between the old http
>connector and the coyote connector please?
>
>
>Thanks
>Euan
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
This e-mail, including any attachments, is a confidential business communication, and
may contain information that is confidential, proprietary and/or privileged. This
e-mail is intended only for the individual(s) to whom it is addressed, and may not be
saved, copied, printed, disclosed or used by anyone else. If you are not the(an)
intended recipient, please immediately delete this e-mail from your computer system
and notify the sender. Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
