Is this screaming XSS attack?
Since javadocs in getRequestURI() say ... "The web container does not
decode this String"
-Tim
[EMAIL PROTECTED] wrote:
Author: markt
Date: Sat Jan 13 18:45:48 2007
New Revision: 496022
URL: http://svn.apache.org/viewvc?view=rev&rev=496022
Modified:
tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java?view=diff&rev=496022&r1=496021&r2=496022
==============================================================================
--- tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
(original)
+++ tomcat/jasper/tc5.5.x/src/share/org/apache/jasper/servlet/JspServlet.java
Sat Jan 13 18:45:48 2007
@@ -301,7 +301,7 @@
// creating unnecessary directories and files.
if (null == context.getResource(jspUri)) {
response.sendError(HttpServletResponse.SC_NOT_FOUND,
- jspUri);
+ request.getRequestURI());
return;
}
boolean isErrorPage = exception != null;
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
