Author: kkolinko
Date: Mon Dec 21 07:12:11 2009
New Revision: 892709
URL: http://svn.apache.org/viewvc?rev=892709&view=rev
Log: vote
Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=892709&r1=892708&r2=892709&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Dec 21 07:12:11 2009 @@ -364,5 +364,30 @@ * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47963 Prevent use of non-RFC2616 compliant custom status messages http://svn.apache.org/viewvc?rev=892612&view=rev + http://svn.apache.org/viewvc?rev=892707&view=rev +1: markt + +1: kkolinko: ( + 1. only together with rev.892707 + 2. this change, provided by rev.892612, + +- if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) { ++ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER && ++ HttpMessages.isSafeInHttpHeader(response.getMessage())) { + message = response.getMessage(); + } + if (message == null){ + message = HttpMessages.getMessage(response.getStatus()); +- } else { +- message = message.replace('\n', ' ').replace('\r', ' '); + } + + has to be applied to the following 6 classes in TC 6: + in o.a.coyote.ajp: AjpAprProcessor and AjpProcessor, + in o.a.coyote.http11: InternalAprOutputBuffer, InternalNioOutputBuffer, InternalOutputBuffer + in o.a.jk.common: JkInputStream + (3 of them do not exist in TC 7). + + 3. I think that mention of extra overhead in systemprops.xml is not + necessary. + ) -1:
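Review bot: In the snippet quoted under item 2 of the vote, the else branch `message = message.replace('\n', ' ').replace('\r', ' ');` is dropped, so CR/LF filtering of the custom status message in each of the six listed classes depends entirely on the added `HttpMessages.isSafeInHttpHeader(response.getMessage())` condition. The entry should state that both halves of the change go into every listed class together: a class that loses the else branch without gaining the new condition would write an unfiltered `response.getMessage()` into the status line. The note "(3 of them do not exist in TC 7)" does not say which three, so it would help to name them, since those classes have no trunk counterpart to merge from and need the change written by hand for TC 6. The new condition also calls `isSafeInHttpHeader` before the existing `if (message == null)` check, so the proposal should confirm that the method accepts a null message.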