https://issues.apache.org/bugzilla/show_bug.cgi?id=47963
Summary: HTTP status reason-phrase contains illegal characters
in Japanese locale
Product: Tomcat 5
Version: 5.5.28
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: i9sg0i...@sneakemail.com
FormAuthenticator.authenticate() can send the client an error response with
Japanese characters. For example:
response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
sm.getString("authenticator.sessionExpired"));
This deviates from the HTTP RFC. From
http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1.1:
Reason-Phrase = *<TEXT, excluding CR, LF>
The TEXT rule is only used for descriptive field contents and values
that are not intended to be interpreted by the message parser. Words
of *TEXT MAY contain characters from character sets other than ISO-
8859-1 [22] only when encoded according to the rules of RFC 2047
[14].
This can cause some problems with some clients. For example, httpclient 3
reads the HTTP status line by looping over the line byte-by-byte, looking for
the "\n" byte. The authenticator.sessionExpired Japanese string happens to
contain a Japanese character for which one of the bytes matches "\n", breaking
this logic.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
