https://issues.apache.org/bugzilla/show_bug.cgi?id=50026
--- Comment #12 from Chuck Caldarale <chuck.caldar...@unisys.com> 2010-10-26
14:21:24 EDT ---
(In reply to comment #11)
> Instead of disallowing the whole remapping of the default servlet, can't this
> be implemented (as suggested) by using the getPathInfo(). for example:
>
> String pathInfo = request.getPathInfo();
> if (pathInfo.startsWith("WEB-INF") || pathInfo.startsWith("META-INF")) {
> // disallow, send 404
> } else {
> proceed normally
> }
Insufficient, since that would expose other directories that a site might not
want to give direct access to.
> I'm aware that this can be worked around by a Filter, or placing the static
> resources in a new app, or perhaps some more ways, but why should these be
> needed, when a simple mapping could do?
Because the mapping is misleading, and numerous complaints have been lodged on
the user's mailing list (and some here) about the previous discrepancy between
the <url-pattern> and reality.
- Chuck
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
