[
https://issues.apache.org/jira/browse/GUACAMOLE-1649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17573050#comment-17573050
]
Mike Jumper commented on GUACAMOLE-1649:
----------------------------------------
The error in this case is actually coming from Tomcat, not the web application.
Tomcat rejects any request containing backslash (encoded or not) or an encoded
forward slash unless that behavior is disabled. This is configured by:
* For slashes: Add {{encodedSolidusHandling="passthrough"}} to the relevant
{{<Connector ...>}} in {{server.xml}}.
* For backslashes: Set the
{{-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true}} system
property (note: that's _system_ property, not a property that goes in
{{guacamole.properties}})
> usernames containing \ or / trigger an error in webclient
> ---------------------------------------------------------
>
> Key: GUACAMOLE-1649
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1649
> Project: Guacamole
> Issue Type: Bug
> Affects Versions: 1.4.0
> Environment: firefox 102.x
> guacamole 1.4.0
> openjdk 11.0.15
> tomcat 9.0.62
> postgresql 12.11
> nginx 1.8.0
> (k)ubuntu 20.04 LTS
> openssl 1.1.1f
> Reporter: Andries Broekema
> Priority: Minor
>
> Using the webinterface for administration. Create a new user via [ Settings,
> Users, New User ]; Enter e new username e.g.
> * /
> * \
> * a/b
> * a\b
> Guacamole shows an error message, but yet the account with this name has been
> created. Click the new user name to edit its details. Result: guacamole
> displays an error message, so the details page cannot be reached. So, the
> account cannot be edited or deleted from guacamole. The account can only be
> deleted using SQL to the database.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
