On 18/02/2013 09:54, Rainer Jung wrote: > On 17.02.2013 23:57, André Warnier wrote:
>> Otherwise, my feeling is that it will cost you quite a number of beers >> to stop Mark from fixing what could potentially be a security issue, now >> that he's sniffed it. > > :) > > Not sure whether Mark's sniffing changes based on the fact that we are > now talking about the AJP part of the connectors. It does mean I'm rather less concerned since that explains why the request wasn't rejected with a 400 response. I still want to look at this to understand why getRequestURI() is behaving the way it is. There might still be a bug here. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
