On 13/08/2012 03:20, kkoli...@apache.org wrote:
> Author: kkolinko
> Date: Mon Aug 13 02:20:18 2012
> New Revision: 1372242
>
> URL: http://svn.apache.org/viewvc?rev=1372242&view=rev
> Log:
> veto. It concerns current Tomcat 7 code (r1370537) as well.

Fair point. I'll get trunk / 7.0.x fixed and update the proposal later today.

Mark

>
> Modified:
> tomcat/tc6.0.x/trunk/STATUS.txt
>
> Modified: tomcat/tc6.0.x/trunk/STATUS.txt > URL: > http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1372242&r1=1372241&r2=1372242&view=diff > ============================================================================== > --- tomcat/tc6.0.x/trunk/STATUS.txt (original) > +++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Aug 13 02:20:18 2012 
> @@ -144,7 +144,26 @@ PATCHES PROPOSED TO BACKPORT: > IDs are being encoded as path parameters. > http://svn.apache.org/viewvc?rev=1370537&view=rev > +1: markt, schultz > - -1: > + -1: kkolinko: > + Regarding FormAuthenticator.restoreRequest(..): > + My -1 is because decodedURI is saved into SavedRequest in > #saveRequest(..) > + but is restored into requestURI field in #restoreRequest(..). > + > + The following are my concerns: > + 1. The web application protected by FORM auth might have expected path > + parameters, and now those are lost from requestURI. > + 2. The decodedURI value is url-decoded in > CoyoteAdapter.postParseRequest(..), > + while requestURI is not. Using one for the other changes behaviour. > + > + 3. An issue that exists in the old code as well: I wonder why > + decodedURI value is not restored by restoreRequest(). It looks like a > + bug. I think an observable consequence is that > o.a.c.connector.Request#toAbsolute() > + will return different values because of different values of decodedURI. > + > + The BZ 53584 bug is essentially in matchRequest(..) and I agree that it > should > + be changed to compare decodedURI values. > + Can SavedRequest store both requestURI and decodedURI values and > + restore both of them? > > * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53481 > Add support for SSLHonorCipherOrder > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org
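
Review bot: Concern 3 in the added -1 text is introduced as "An issue that exists in the old code as well", so it is not caused by r1370537 and would be better split out of the veto rationale and tracked on its own, leaving concerns 1 and 2 as the grounds for the -1. The entry also leaves out what the commit log states, that the objection applies to the current Tomcat 7 code as well; adding a line to that effect would keep it visible to anyone reading STATUS.txt without the commit mail. The closing question about SavedRequest storing and restoring both requestURI and decodedURI reads as the condition for lifting the veto, and it would help to state it as one.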