21 Apr
2015
21 Apr
'15
8:37 a.m.
Hi,
2015-04-21 5:29 GMT+02:00 Sergiu Dumitriu <sergiu(a)xwiki.com>om>:
On 04/04/2015 01:46 AM, Eduard Moraru wrote:
As there can be both / and \ in the page name, this security feature has
to be always disabled (for Tomcat it's
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true), so this
shouldn't matter anyway.
--
Best Regards
Lukáš Raška
IMO, the ID (if this is what you refer to as resource name) should always
be between 2 "/"es. If the resource name contains a "/" itself, then
it
should be URL escaped by the caller.
Don't forget that escaped / is not allowed in URLs by default by both
HTTPD and Tomcat.