Details
-
Improvement
-
Resolution: Fixed
-
Minor
-
None
-
Easy
-
N/A
-
N/A
-
Description
By default, Tomcat does not allow the usage of encoded slash '%2F' and backslash '%5C' in URLs, as noted in http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10.
This restriction prevents the usage of '/' and '\' in the name of wiki pages, given that the URL will have the offending percent-encodings. If a user tries to create or rename a page with those characters in the name, Tomcat will respond with a blank page every time a user tries to access it, becoming impossible to reverse the change from the UI.
To avoid surprises, it would be better to configure Tomcat to allow those characters, as they are supported in names by XWiki.
The restriction, or not, of these characters can be controlled by the system properties org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH and
org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH.
It should suffice to add
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true
to the CATALINA_OPTS environment variable.