bugzilla | 1 Nov 2007 01:26

DO NOT REPLY [Bug 43757] - Improper parsing of response.sendRedirect() in JSP source

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43757>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43757

------- Additional Comments From beefnog <at> gmail.com  2007-10-31 17:26 -------
(In reply to comment #1)
> I am tempted to think that the source Tomcat is parsing isn't the source you
> think it is. I can't reproduce the issue. Can you provide a simple JSP that
> exhibits this problem?

Greetings Mark :)

Here is a .jsp that should allow you to reproduce the issue:

=========================

<%@ page contentType="text/html"%>
<%@ page pageEncoding="UTF-8"%>
<%@ page import="java.util.*"%>
<%@ page import="javax.servlet.*"%>
<%

ServletContext context = this.getServletContext();

// if (session.getAttribute("isAuth") == null) {
//     session.setAttribute("messageToUser","Authentication failed.");

bugzilla | 1 Nov 2007 01:32

DO NOT REPLY [Bug 43757] - Improper parsing of response.sendRedirect() in JSP source

http://issues.apache.org/bugzilla/show_bug.cgi?id=43757

funkman <at> joedog.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

------- Additional Comments From funkman <at> joedog.org  2007-10-31 17:32 -------
Look at the generated java a little closer.

You'll notice after the commented code something like this: 
out.println("\n")

Because there is whitespace at the end of the file after the %>

So if one tried to write AFTER a redirect is done - you get an ISE.

You need
if (someCondition) {
  response.sendRedirect("./index.jsp");
  return;
}

Mark Thomas | 1 Nov 2007 01:54

Re: Time to organise svn - Take 3

Mark Thomas wrote:
> svn cp
> https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_15
> https://svn.apache.org/repos/asf/tomcat/tc6.1.0/trunk
> 
> https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_15
> https://svn.apache.org/repos/asf/tomcat/trunk
> 
> Changes to .../trunk will be CTR
> Changes to .../6.1.x/trunk will be RTC

As per the previously published plan, I will create tomcat/tc6.1.x/trunk
and tomcat/trunk from the 6.0.15 tag. I plan to do this sometime on Friday
afternoon GMT. Any commits to 6.0.x/trunk between now and then I will apply
using CTR to trunk.

Mark

Rémy Maucherat | 1 Nov 2007 02:58

Re: New tag

On Mon, 2007-10-29 at 23:26 +0100, Rémy Maucherat wrote:
> Hi,
> 
> As the issue list seems relatively empty, I would like to tag 6.0.15
> soon, probably late tomorrow.

The binaries are available here:
http://people.apache.org/~remm/tomcat-6/v6.0.15/

Rémy

bugzilla | 1 Nov 2007 03:02

DO NOT REPLY [Bug 43757] - Improper parsing of response.sendRedirect() in JSP source

http://issues.apache.org/bugzilla/show_bug.cgi?id=43757

beefnog <at> gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

------- Additional Comments From beefnog <at> gmail.com  2007-10-31 19:02 -------
(In reply to comment #3)
> Look at the generated java a little closer.
> You'll notice after the commented code something like this: 
> out.println("\n")
> Because there is whitespace at the end of the file after the %>
> So if one tried to write AFTER a redirect is done - you get an ISE.
> You need
> if (someCondition) {
>   response.sendRedirect("./index.jsp");
>   return;
> }

You are correct, and I noted the cause (a little less verbosely) in my reply 
to Mark Thomas' response. However, the error generated does not properly 

bugzilla | 1 Nov 2007 03:05
DO NOT REPLY [Bug 43588] - Tomcat uses hardcoded 127.0.0.1 for localhost

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43588>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43588

------- Additional Comments From lgalfaso <at> gmail.com  2007-10-31 19:05 -------
(In reply to comment #9)
Instead of doing a refactor, and if no solution is best, why not just add a new
property "org.apache.tomcat.localhost.ip" that defaults to "127.0.0.1" that
whoever starts tomcat is able to override?
Not an automagic solution, but will address the original issue and will not
create any new security issues.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Peter Rossbach | 1 Nov 2007 03:59

Re: New tag

Hi,

I read the status and changelog reference and think they do not
reflect the 6.0.15 status!
Peter

On 01.11.2007 at 02:58, Rémy Maucherat wrote:

> On Mon, 2007-10-29 at 23:26 +0100, Rémy Maucherat wrote:
>> Hi,
>>
>> As the issue list seems relatively empty, I would like to tag 6.0.15
>> soon, probably late tomorrow.
>
> The binaries are available here:
> http://people.apache.org/~remm/tomcat-6/v6.0.15/
>
> Rémy
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe <at> tomcat.apache.org
> For additional commands, e-mail: dev-help <at> tomcat.apache.org
>
>

bugzilla | 1 Nov 2007 04:52
DO NOT REPLY [Bug 43757] - Improper parsing of response.sendRedirect() in JSP source

http://issues.apache.org/bugzilla/show_bug.cgi?id=43757

markt <at> apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|major                       |normal
          Component|Unknown                     |Jasper
         OS/Version|other                       |All
            Version|5.5.17                      |Nightly Build

------- Additional Comments From markt <at> apache.org  2007-10-31 20:52 -------
Yep - looks like we aren't counting commented out lines correctly during
generation. Thanks for the test case - I'll take a look.

Updating properties accordingly.

jean-frederic clere | 1 Nov 2007 09:51

Re: Time to organise svn - Take 3

Mark Thomas wrote:
> Mark Thomas wrote:
>> svn cp
>> https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_15
>> https://svn.apache.org/repos/asf/tomcat/tc6.1.0/trunk
>>
>> https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_15
>> https://svn.apache.org/repos/asf/tomcat/trunk
>>
>> Changes to .../trunk will be CTR
>> Changes to .../6.1.x/trunk will be RTC
> 
> As per the previously published plan, I will create tomcat/tc6.1.x/trunk
> and tomcat/trunk from the 6.0.15 tag. I plan to do this sometime on Friday
> afternoon GMT.

Why Friday? Shouldn't we wait until 6.0.15 (or 6.0.15 + n) is voted stable?

Cheers

Jean-Frederic

> Any commits to 6.0.x/trunk between now and then I will apply
> using CTR to trunk.
> 
> Mark

Peter Rossbach | 1 Nov 2007 10:58

Re: Time to organise svn - Take 3

Good point

+1
Peter

On 01.11.2007 at 09:51, jean-frederic clere wrote:

> Mark Thomas wrote:
>> Mark Thomas wrote:
>>> svn cp
>>> https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_15
>>> https://svn.apache.org/repos/asf/tomcat/tc6.1.0/trunk
>>>
>>> https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_15
>>> https://svn.apache.org/repos/asf/tomcat/trunk
>>>
>>> Changes to .../trunk will be CTR
>>> Changes to .../6.1.x/trunk will be RTC
>>
>> As per the previously published plan, I will create tomcat/tc6.1.x/trunk
>> and tomcat/trunk from the 6.0.15 tag. I plan to do this sometime on Friday
>> afternoon GMT.
>
> Why Friday? Shouldn't we wait until 6.0.15 (or 6.0.15 + n) is voted stable?
>
> Cheers
>