Author: kkolinko
Date: Mon Dec 21 07:12:11 2009
New Revision: 892709
URL: http://svn.apache.org/viewvc?rev=892709&view=rev
Log:
vote
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=892709&r1=892708&r2=892709&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Mon Dec 21 07:12:11 2009
@@ -364,5 +364,30 @@
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47963
Prevent use of non-RFC2616 compliant custom status messages
http://svn.apache.org/viewvc?rev=892612&view=rev
+ http://svn.apache.org/viewvc?rev=892707&view=rev
+1: markt
+ +1: kkolinko: (
+ 1. only together with rev.892707
+ 2. this change, provided by rev.892612,
+
+- if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER) {
++ if (org.apache.coyote.Constants.USE_CUSTOM_STATUS_MSG_IN_HEADER &&
++ HttpMessages.isSafeInHttpHeader(response.getMessage())) {
+ message = response.getMessage();
+ }
+ if (message == null){
+ message = HttpMessages.getMessage(response.getStatus());
+- } else {
+- message = message.replace('\n', ' ').replace('\r', ' ');
+ }
+
+ has to be applied to the following 6 classes in TC 6:
+ in o.a.coyote.ajp: AjpAprProcessor and AjpProcessor,
+ in o.a.coyote.http11: InternalAprOutputBuffer,
InternalNioOutputBuffer, InternalOutputBuffer
+ in o.a.jk.common: JkInputStream
+ (3 of them do not exist in TC 7).
+
+ 3. I think that mention of extra overhead in systemprops.xml is not
+ necessary.
+ )
-1:
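Review bot: In the snippet quoted under item 2 of the kkolinko vote, HttpMessages.isSafeInHttpHeader(response.getMessage()) is evaluated before the "if (message == null)" check, so the helper is handed null whenever no custom message is set. The entry should state that the helper must tolerate a null argument rather than throw, in each of the six classes listed. The same snippet removes the "message.replace('\n', ' ').replace('\r', ' ')" fallback, which leaves isSafeInHttpHeader as the only guard keeping CR and LF out of the status line. Since its definition is not shown here, the entry should record that it rejects those characters. The three classes that do not exist in TC 7 have no trunk counterpart to port from, so the proposal should link the TC 6 patch for them, so that voters can review the exact change.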