Mantis - Resin
Viewing Issue Advanced Details

ID: 2266 | Category: | Severity: minor | Reproducibility: always | Date Submitted: 12-19-07 05:38 | Last Update: 02-13-08 16:01
Reporter: jornsvendsen | Platform:
Assigned To: ferg | OS:
Priority: normal | OS Version:
Status: closed | Product Version: 3.0.21
Product Build: | Resolution: fixed
Projection: none
ETA: none | Fixed in Version: 3.1.5

Summary: 0002266: Resin returns status 400 The request contains an illegal URL. without logging

Description:
When the request path includes two or more dots the request is rejected. http://myServer.com/myapp/.../uiuer/kkdkjf/ As the path includes dynamic information from the user the application is not able to return a proper error message due to the fact that the request never reaches the application. Even if the .. is URL-encoded as %2E%2E the request is rejected. As I read the specs (primarily RFC 2396) the .. should not be changed for absolute URLs and definitely not in URL-encoded form. Running the application on Apache Tomcat delivers the request to the application and returns a proper error page to the user. No logging is made in the access log in the above case.

Steps To Reproduce:
Additional Information:
Relationships:
Attached Files:
Notes:
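
The distinction this report turns on, as an added example that is not Resin's code and not part of the original report: a path check that treats only `.` and `..` as dot-segments (so `...` is an ordinary name), rejects only paths that climb above the root, and writes a log entry for every rejection. The names `check_path`, `_reject` and the `access` logger are assumptions, and decoding `%2E%2E` before the comparison is a conservative choice made for this sketch.

```python
import logging
from urllib.parse import unquote

log = logging.getLogger("access")  # hypothetical logger name (assumption)


def _reject(raw_path, reason):
    # Record the rejection so a 400 is never sent without a log entry.
    log.warning('400 path=%r reason="%s"', raw_path, reason)
    return (False, None)


def check_path(raw_path):
    """Return (accepted, normalized_path) for an absolute request path."""
    if not raw_path.startswith("/"):
        return _reject(raw_path, "not an absolute path")
    raw_segs = raw_path.split("/")[1:]
    stack = []
    for raw_seg in raw_segs:
        seg = unquote(raw_seg)  # %2E%2E is compared in decoded form
        if "/" in seg or "\x00" in seg:
            return _reject(raw_path, "encoded slash or NUL in segment")
        if seg == ".":
            continue  # current-directory segment: drop it
        if seg == "..":
            if not stack:
                return _reject(raw_path, "dot-segment climbs above root")
            stack.pop()  # parent segment: remove the previous one
            continue
        stack.append(seg)  # '...' and longer dot runs are plain names
    if unquote(raw_segs[-1]) in (".", ".."):
        stack.append("")  # keep the trailing slash, as URI resolution does
    return (True, "/" + "/".join(stack))


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Constructed sample paths; the first is the path from the report.
    for p in ["/myapp/.../uiuer/kkdkjf/", "/myapp/%2E%2E/x", "/%2E%2E/etc"]:
        print(p, "->", check_path(p))
```
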