Author: markt Date: Wed Oct 20 22:30:48 2010 New Revision: 1025785 URL: http://svn.apache.org/viewvc?rev=1025785&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=4227 Update comments to indicate this is no longer an issue
Modified: tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java Modified: tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java?rev=1025785&r1=1025784&r2=1025785&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java (original) +++ tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java Wed Oct 20 22:30:48 2010 @@ -226,8 +226,6 @@ import org.apache.catalina.util.IOTools; * <li> Better documentation * <li> Confirm use of ServletInputStream.available() in CGIRunner.run() is * not needed - * <li> Make checking for "." and ".." in servlet & cgi PATH_INFO less - * draconian * <li> [add more to this TODO list] * </ul> * </p> @@ -1522,7 +1520,10 @@ public final class CGIServlet extends Ht * segments</u>: * This implementation does not allow "<code>.</code>" and * "<code>..</code>" in the the path, and such characters - * will result in an IOException being thrown; + * will result in an IOException being thrown (this should + * never happen since Tomcat normalises the requestURI + * before determining the contextPath, servletPath and + * pathInfo); * <LI> <u>Implementation limitations</u>: This implementation * does not impose any limitations except as documented * above. This implementation may be limited by the --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org