Details
-
Bug
-
Resolution: Fixed
-
Blocker
-
3.1
-
None
-
None
Description
It seems that this URL is requested from the server:
http://webide-demo.devxwiki.com/xwiki/wiki/webidetemplate/jsx/SyntaxHighlighting/HighlightingModeXwiki%2F2.1?discard
Encoded forward slashes are not ok in URLs, apache will either strip them ( if AllowEncodedSlashes is false ) or decode them if it is true, unless it is set as
AllowEncodedSlashes NoDecode
See: http://stackoverflow.com/questions/4390436/need-to-allow-encoded-slashes-on-apache
Furthermore Tomcat does not accept encoded slashes either, see:
http://stackoverflow.com/questions/19576777/why-does-apache-tomcat-handle-encoded-slashes-2f-as-path-separators
I realize that due to CVE-2007-0450 Tomcat's default behaviour was changed to reject percent-encoded slashes in the path.