Woellchen opened a new pull request, #687: URL: https://github.com/apache/tomcat/pull/687
URIs must be at least decoded in order to process sub-delims as defined in RFC 3986, because slashes and their encoded counterparts are equivalent when processing paths. Normalization before the processing also makes sense to avoid unnecessary stripping of path parameters in case of path traversal. This fixes a bug where URIs like "/test;%2F.." would not properly resolve to "/", but to "/test".
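The two processing orders contrasted in the description above, as an added example that is not Tomcat's code or the pull request's patch. All function names are hypothetical, and the parameter stripping and dot-segment removal are simplified models assumed for illustration; the sample paths other than "/test;%2F.." are constructed.

```python
from urllib.parse import unquote

def strip_path_params(path: str) -> str:
    """Drop everything from the first ';' in each segment (simplified model)."""
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))

def remove_dot_segments(path: str) -> str:
    """Resolve '.' and '..' in an absolute path without climbing above '/'.
    Simplification: empty segments and a trailing slash are dropped."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    return "/" + "/".join(out)

def strip_then_decode(raw: str) -> str:
    """Order the description reports as the bug: parameters are cut from the
    still-encoded path, so ';%2F..' is discarded as one parameter."""
    return remove_dot_segments(unquote(strip_path_params(raw)))

def decode_then_strip(raw: str) -> str:
    """Order the description proposes: decode and normalize first, so the
    decoded '/' starts a new '..' segment before parameters are removed."""
    return strip_path_params(remove_dot_segments(unquote(raw)))

def divergent(paths):
    """Return (raw, strip_first, decode_first) for paths where the orders disagree."""
    rows = []
    for raw in paths:
        a, b = strip_then_decode(raw), decode_then_strip(raw)
        if a != b:
            rows.append((raw, a, b))
    return rows

# Constructed sample input; the first entry is the URI quoted in the description.
SAMPLES = ["/test;%2F..", "/app/a;x=1/b", "/a/b;v=1/../c"]

if __name__ == "__main__":
    for raw, a, b in divergent(SAMPLES):
        print(f"{raw!r}: strip-first -> {a!r}, decode-first -> {b!r}")
```

Running a list of request paths through `divergent` shows which ones two components with different processing orders would map to different resources.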