From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Wed, 20 Oct 2010 22:30:48 +0000 (+0000)
Subject: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=4227
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=7ed9592764cb74170c4242bcd6cb69cae1ac38aa;p=tomcat7.0

Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=4227
Update comments to indicate this is no longer an issue

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1025785 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/java/org/apache/catalina/servlets/CGIServlet.java b/java/org/apache/catalina/servlets/CGIServlet.java
index 316b91866..e3e85edc5 100644
--- a/java/org/apache/catalina/servlets/CGIServlet.java
+++ b/java/org/apache/catalina/servlets/CGIServlet.java
@@ -226,8 +226,6 @@ import org.apache.catalina.util.IOTools;
  * <li> Better documentation
  * <li> Confirm use of ServletInputStream.available() in CGIRunner.run() is
  *      not needed
- * <li> Make checking for "." and ".." in servlet & cgi PATH_INFO less
- *      draconian
  * <li> [add more to this TODO list]
  * </ul>
  * </p>
@@ -1522,7 +1520,10 @@ public final class CGIServlet extends HttpServlet {
          *             segments</u>:
          *             This implementation does not allow "<code>.</code>" and
          *             "<code>..</code>" in the the path, and such characters
-         *             will result in an IOException being thrown;
+         *             will result in an IOException being thrown (this should
+         *             never happen since Tomcat normalises the requestURI
+         *             before determining the contextPath, servletPath and
+         *             pathInfo);
          *     <LI> <u>Implementation limitations</u>: This implementation
          *             does not impose any limitations except as documented
          *             above.  This implementation may be limited by the