Bug 40001 - HTML pages should not use GET to restart web-apps.
Summary: HTML pages should not use GET to restart web-apps.
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Webapps:Manager (show other bugs)
Version: 5.5.17
Hardware: Other other
: P2 enhancement with 2 votes (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
: 42795 50231 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-07-10 14:32 UTC by Michiel Meeuwissen
Modified: 2010-11-08 13:55 UTC (History)
3 users (show)


Attachments
suggested fix (8.40 KB, patch)
2009-08-15 15:20 UTC, lucenebugs2006 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michiel Meeuwissen 2006-07-10 14:32:20 UTC
Comment 1 Michiel Meeuwissen 2006-07-10 14:34:44 UTC 
If for example FF crashes, and you restart it, it could popup with the
manager-pages in it with reload?path=/, it will immediately, and unwantedly,
restart the web-app
Comment 2 Yoav Shapira 2006-12-26 07:29:30 UTC 
I like the easy functionality.  I'm guessing you want a POST to better comply
with some notion of HTTP semantics where GETs shouldn't do anything but read
data?  If so, please provide a patch accordingly.

Setting Severity to enhancement.
Comment 3 Mark Thomas 2007-07-02 17:17:50 UTC 
*** Bug 42795 has been marked as a duplicate of this bug. ***
Comment 4 lucenebugs2006 2009-08-15 15:20:41 UTC 
Created attachment 24139 [details]
suggested fix

This patch changes the reload/start/stop/undeploy links to buttons and makes sure the servlet only reacts to POST requests. It also improves the text of the Javascript confirmation dialog a bit.
Comment 5 lucenebugs2006 2009-08-15 15:21:53 UTC 
Setting back to "NEW" as requested by the instructions.
Comment 6 Mark Thomas 2009-10-10 14:57:07 UTC 
I've applied a patch for this (using some of the ideas in this patch) to Tomcat 7.

I'm not going to propose this for backport to 5.5.x/6.0.x since there may be some users that are using GET requests to integrate the manager with the own management tools and changing to POST would break these.
Comment 7 Ramon 2010-11-08 13:55:14 UTC 
*** Bug 50231 has been marked as a duplicate of this bug. ***