commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s...@apache.org
Subject svn commit: r1713573 - in /commons/proper/validator/trunk/src: changes/changes.xml main/java/org/apache/commons/validator/routines/UrlValidator.java test/java/org/apache/commons/validator/routines/UrlValidatorTest.java
Date Tue, 10 Nov 2015 02:05:59 GMT
Author: sebb
Date: Tue Nov 10 02:05:59 2015
New Revision: 1713573

URL: http://svn.apache.org/viewvc?rev=1713573&view=rev
Log:
VALIDATOR-363 UrlValidator rejects path having two or more successive dots

Modified:
    commons/proper/validator/trunk/src/changes/changes.xml
    commons/proper/validator/trunk/src/main/java/org/apache/commons/validator/routines/UrlValidator.java
    commons/proper/validator/trunk/src/test/java/org/apache/commons/validator/routines/UrlValidatorTest.java

Modified: commons/proper/validator/trunk/src/changes/changes.xml
URL: http://svn.apache.org/viewvc/commons/proper/validator/trunk/src/changes/changes.xml?rev=1713573&r1=1713572&r2=1713573&view=diff
==============================================================================
--- commons/proper/validator/trunk/src/changes/changes.xml (original)
+++ commons/proper/validator/trunk/src/changes/changes.xml Tue Nov 10 02:05:59 2015
@@ -90,6 +90,9 @@ The dependencies for Validator have not
 For the current list of dependencies, please see
 http://commons.apache.org/validator/dependencies.html
   ">
+    <action issue="VALIDATOR-363" type="fix" dev="sebb">
+    UrlValidator rejects path having two or more successive dots
+    </action>
     <action issue="VALIDATOR-330" type="fix" dev="sebb">
     IBANCheckDigit.isValid() returns True for some invalid IBANs
     </action>

Modified: commons/proper/validator/trunk/src/main/java/org/apache/commons/validator/routines/UrlValidator.java
URL: http://svn.apache.org/viewvc/commons/proper/validator/trunk/src/main/java/org/apache/commons/validator/routines/UrlValidator.java?rev=1713573&r1=1713572&r2=1713573&view=diff
==============================================================================
--- commons/proper/validator/trunk/src/main/java/org/apache/commons/validator/routines/UrlValidator.java
(original)
+++ commons/proper/validator/trunk/src/main/java/org/apache/commons/validator/routines/UrlValidator.java
Tue Nov 10 02:05:59 2015
@@ -17,6 +17,8 @@
 package org.apache.commons.validator.routines;
 
 import java.io.Serializable;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Locale;
@@ -435,14 +437,19 @@ public class UrlValidator implements Ser
             return false;
         }
 
-        int slash2Count = countToken("//", path);
-        if (isOff(ALLOW_2_SLASHES) && (slash2Count > 0)) {
+        try {
+            URI uri = new URI(null,null,path,null);
+            String norm = uri.normalize().getPath();
+            if (norm.startsWith("/../") // Trying to go via the parent dir 
+             || norm.equals("/..")) {   // Trying to go to the parent dir
+                return false;
+            }
+        } catch (URISyntaxException e) {
             return false;
         }
-
-        int slashCount = countToken("/", path);
-        int dot2Count = countToken("..", path);
-        if (dot2Count > 0 && (slashCount - slash2Count - 1) <= dot2Count) {
+        
+        int slash2Count = countToken("//", path);
+        if (isOff(ALLOW_2_SLASHES) && (slash2Count > 0)) {
             return false;
         }
 

Modified: commons/proper/validator/trunk/src/test/java/org/apache/commons/validator/routines/UrlValidatorTest.java
URL: http://svn.apache.org/viewvc/commons/proper/validator/trunk/src/test/java/org/apache/commons/validator/routines/UrlValidatorTest.java?rev=1713573&r1=1713572&r2=1713573&view=diff
==============================================================================
--- commons/proper/validator/trunk/src/test/java/org/apache/commons/validator/routines/UrlValidatorTest.java
(original)
+++ commons/proper/validator/trunk/src/test/java/org/apache/commons/validator/routines/UrlValidatorTest.java
Tue Nov 10 02:05:59 2015
@@ -414,6 +414,19 @@ public class UrlValidatorTest extends Te
        assertTrue(validator.isValid("http://hello.tokyo/"));
     }
 
+   public void testValidator363(){
+        UrlValidator urlValidator = new UrlValidator();
+        assertTrue(urlValidator.isValid("http://www.example.org/a/b/hello..world"));
+        assertTrue(urlValidator.isValid("http://www.example.org/a/hello..world"));
+        assertTrue(urlValidator.isValid("http://www.example.org/hello.world/"));
+        assertTrue(urlValidator.isValid("http://www.example.org/hello..world/"));
+        assertTrue(urlValidator.isValid("http://www.example.org/hello.world"));
+        assertTrue(urlValidator.isValid("http://www.example.org/hello..world"));
+        assertTrue(urlValidator.isValid("http://www.example.org/..world"));
+        assertTrue(urlValidator.isValid("http://www.example.org/.../world"));
+        assertFalse(urlValidator.isValid("http://www.example.org/../world"));
+    }
+
    public void testValidator375() {
        UrlValidator validator = new UrlValidator();
        String url = "http://[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]:80/index.html";



Mime
View raw message