I agree that that is the expected behaviour. However the URL seems to be decoded *twice*.
'a%25sdf' -> 'a%sdf' -> 'a f' The second decoding is converting '%sd' to ' ', presumably because it's garbage. As Tim says, getRequestURL() doesn't decode the string, but I am seeing the '%25' decoded to '%'. For a request to 'http://localhost/escape/a%25sdf', the value of getRequestURL() is 'http://sekhmet.datcon.co.uk/escape/a%sdf'. -----Original Message----- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: 07 July 2003 16:53 To: Tomcat Users List Subject: Re: Double decoding of URL The current behavior seems OK. getRequestURL() returns the URL. This method was originally in HttpUtils. It acts much like getRequestURI() which in the javadocs explicitly says: "The web container does not decode this String" getPathInfo() OTOH according the the javadocs says... "Returns: a String, decoded by the web container" -Tim Benjamin Butler-Cole wrote: > I am having a problem with Apache/mod_jk/Ajp13Connector/Tomcat. > > If I make a request to a servlet with '%' in the path, the URL appears to be > being decoded twice. > > I have a servlet mapping of escape -> escape.jsp. That JSP contains the > following: > > <%= request.getPathInfo() %> > <%= request.getRequestURL() %> > > A request to http://localhost/escape/a%25sdf returns > > /a f > http://sekhmet.datcon.co.uk/escape/a%sdf > > And http://sekhmet/escape/a%21sdf gives > > /a!sdf > http://sekhmet.datcon.co.uk/escape/a!sdf > > Note that getRequestURL() returns the URL *without* decoding it, while > getPathInfo() does decode. So it looks like the URL is already decoded > before it reaches Tomcat (by Apache or the connector). > > I would expect the values of getPathInfo() to be '/a%sdf' and '/a!sdf', and > the values of getRequestURL to contain '%25' and '%21'. > > Does anyone know what's going on? The relevant bits of my configuration > files are below. > > Thanks > Ben --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
