raviteja07 / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
0 stars 0 forks source link

context path validation error #46

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
In the Validator properties in 2.0rc2 (no property is provided in 1.4) the
context path is validated as ^[a-zA-Z0-9.\\-_]*$.   At least on weblogic &
jboss, I get / as the leading character when calling this method.  Should
this be changed to ^/?[a-zA-Z0-9.\\-_]*$ in the reference implementation? 
Is there an appserver that doesn’t return a leading slash?

Original issue reported on code.google.com by manico.james@gmail.com on 5 Nov 2009 at 9:57

GoogleCodeExporter commented 9 years ago
I haven't looked at the code to which you refer, but according to the spec the
context path returned from getContextPath should start with a '/' but not end 
with
one. The only exception to this is if the context is the default context in 
which it
is just a empty string.

Original comment by schal...@darkmist.net on 14 Dec 2009 at 3:19

GoogleCodeExporter commented 9 years ago

Original comment by manico.james@gmail.com on 1 Nov 2010 at 6:01

GoogleCodeExporter commented 9 years ago

Original comment by manico.james@gmail.com on 1 Nov 2010 at 6:01

GoogleCodeExporter commented 9 years ago
Validation

Original comment by manico.james@gmail.com on 19 Nov 2010 at 2:34

GoogleCodeExporter commented 9 years ago

Original comment by manico.james@gmail.com on 19 Nov 2010 at 2:34

GoogleCodeExporter commented 9 years ago

Original comment by chrisisbeef on 20 Nov 2010 at 9:17

GoogleCodeExporter commented 9 years ago

Original comment by chrisisbeef on 25 Jul 2011 at 5:57