Author: markt
Date: Wed Oct 20 22:30:48 2010
New Revision: 1025785
URL: http://svn.apache.org/viewvc?rev=1025785&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=4227
Update comments to indicate this is no longer an issue
Modified:
tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java
Modified: tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java?rev=1025785&r1=1025784&r2=1025785&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/CGIServlet.java Wed Oct 20
22:30:48 2010
@@ -226,8 +226,6 @@ import org.apache.catalina.util.IOTools;
* <li> Better documentation
* <li> Confirm use of ServletInputStream.available() in CGIRunner.run() is
* not needed
- * <li> Make checking for "." and ".." in servlet & cgi PATH_INFO less
- * draconian
* <li> [add more to this TODO list]
* </ul>
* </p>
@@ -1522,7 +1520,10 @@ public final class CGIServlet extends Ht
* segments</u>:
* This implementation does not allow "<code>.</code>" and
* "<code>..</code>" in the the path, and such characters
- * will result in an IOException being thrown;
+ * will result in an IOException being thrown (this should
+ * never happen since Tomcat normalises the requestURI
+ * before determining the contextPath, servletPath and
+ * pathInfo);
* <LI> <u>Implementation limitations</u>: This implementation
* does not impose any limitations except as documented
* above. This implementation may be limited by the
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
