svn commit: r1372242 - /tomcat/tc6.0.x/trunk/STATUS.txt

Sun, 12 Aug 2012 19:21:06 -0700 

Author: kkolinko
Date: Mon Aug 13 02:20:18 2012
New Revision: 1372242

URL: http://svn.apache.org/viewvc?rev=1372242&view=rev
Log:
veto. It concerns current Tomcat 7 code (r1370537) as well.

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1372242&r1=1372241&r2=1372242&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Aug 13 02:20:18 2012
@@ -144,7 +144,26 @@ PATCHES PROPOSED TO BACKPORT:
   IDs are being encoded as path parameters.
   http://svn.apache.org/viewvc?rev=1370537&view=rev
   +1: markt, schultz
-  -1:
+  -1: kkolinko:
+     Regarding FormAuthenticator.restoreRequest(..):
+     My -1 is because decodedURI is saved into SavedRequest in #saveRequest(..)
+     but is restored into requestURI field in #restoreRequest(..).
+
+     The following are my concerns:
+     1. The web application protected by FORM auth might have expected path
+     parameters, and now those are lost from requestURI.
+     2. The decodedURI value is url-decoded in 
CoyoteAdapter.postParseRequest(..),
+     while requestURI is not. Using one for the other changes behaviour.
+
+     3. An issue that exists in the old code as well: I wonder why
+     decodedURI value is not restored by restoreRequest(). It looks like a
+     bug. I think an observable consequence is that 
o.a.c.connector.Request#toAbsolute()
+     will return different values because of different values of decodedURI.
+
+     The BZ 53584 bug is essentially in matchRequest(..) and I agree that it 
should
+     be changed to compare decodedURI values.
+     Can SavedRequest store both requestURI and decodedURI values and
+     restore both of them?
 
 * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53481
   Add support for SSLHonorCipherOrder



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to