Hi folks,

I found a strange problem with Apache that is exposed by the way Turbine
encodes URL parameters into the path of the request.

It turns out that Apache doesn't like the '/' character encoded as '%2F'
inside a URL path. If you have an action or screen in Turbine which is in a
subdirectory (e.g. admin/index.vm), the '/' is encoded as '%2F' and Apache
doesn't like that.

So,

http://www.bananaseed.com/bs/servlet/bs/template/admin%2Findex.vm
fails with an APACHE not found message (request never even gets to Tomcat -
I'm using Apache-Mod_JServ-Tomcat-Turbine)

while
http://www.bananaseed.com/bs/servlet/bs/template/index.vm
works 100%

Has anyone else run into this problem? If so, how do I get around it?

I figure there are 2 options....

1) Hack %2F checking out of Apache (The Apache maintainers know about the
problem, in fact, allowing %2F is a security risk to them. Doesn't look like
they intend fixing it)

2) Change the separator used by Turbine

Comments/suggestions?

g

-----Original Message-----
From: James Coltman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 20, 2000 4:49 PM
To: [EMAIL PROTECTED]
Subject: Re: TemplateSecureSessionValidator


martin wrote:

>there was a bug in TemplateInfo.java ... it is fixed in turbine-cvs ...
>get the latest version or wait for the next tdk ..

in response to:
>> Which version of Turbine are you using?  With TDK1.1a9 and
>> TDK1.1b1, I get the same results.  Is there something else
>> I'm missing in TR.props?
>>
>> I even created another sessionvalidator and copied the code
>> from TemplateSecureSessionValidator and put in debugging
>> prints.  Interestingly enough,
>>
>> data.getTemplateInfo().setScreenTemplate(
>> TurbineResources.getString("template.login") );
>> System.out.println(data.getTemplateInfo().getScreenTemplate());
>>
>> The second line prints the page I was maliciously trying to
>> get to, rather than the data from template.login.
>>
>> However, the setMessage() call is working - the page I
>> maliciously tried to go to shows me the login.message.  -
>> The template is just not getting set properly.

I have tried to use the latest code from one of the recent nightly
builds and have found that I am getting a horrible exception response. Could
you direct me to a usable nightly build that I can integrate with the
TDK1.1b1, or do I need to use one of the TDKs from CVS?



------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?:           [EMAIL PROTECTED]
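
The %2F behaviour described in the first message of this thread, as an added example that is not part of the original posts or of Turbine or Apache code: it shows how a path carrying %2F yields different segments depending on whether a component splits before or after decoding, which is the ambiguity behind treating encoded slashes as a risk, and how a different separator (option 2) avoids it. The function names and the ',' separator are assumptions made for illustration.

```python
from urllib.parse import quote, unquote

ALT_SEP = ","  # assumption: a character that never occurs in template names

def has_encoded_slash(path):
    """The front-end check from the post: any %2F in the path is refused."""
    return "%2f" in path.lower()

def split_then_decode(path):
    """Segments as the URL's author meant them: split on '/', then decode."""
    return [unquote(s) for s in path.split("/") if s]

def decode_then_split(path):
    """Segments seen by a component that decodes first: %2F becomes a separator."""
    return [s for s in unquote(path).split("/") if s]

def encode_template(name, sep="/"):
    """Pack a template name such as admin/index.vm into one path segment."""
    if sep != "/" and sep in name:
        raise ValueError("template name already contains the separator")
    return quote(name.replace("/", sep), safe=sep if sep != "/" else "")

def decode_template(segment, sep="/"):
    """Recover the template name from a single, still-encoded path segment."""
    return unquote(segment).replace(sep, "/")

if __name__ == "__main__":
    base = "/bs/servlet/bs/template/"
    for sep in ("/", ALT_SEP):
        path = base + encode_template("admin/index.vm", sep)
        print(path)
        print("  refused by %2F check:", has_encoded_slash(path))
        print("  split-then-decode:", split_then_decode(path))
        print("  decode-then-split:", decode_then_split(path))
```

With '/' kept as the separator the two splitting orders disagree on the number of segments, so a rule written against one view can be applied to a different path than the one the back end resolves; with the alternative separator both views agree and nothing in the path needs %2F.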

