incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r591054 - /incubator/sling/trunk/microsling/microsling-core/src/main/java/org/apache/sling/microsling/slingservlets/DefaultSlingServlet.java
Date Thu, 01 Nov 2007 15:31:05 GMT
Author: fmeschbe
Date: Thu Nov  1 08:31:05 2007
New Revision: 591054

URL: http://svn.apache.org/viewvc?rev=591054&view=rev
Log:
SLING-88 Don't handle requests to paths below WEB-INF and META-INF

Modified:
    incubator/sling/trunk/microsling/microsling-core/src/main/java/org/apache/sling/microsling/slingservlets/DefaultSlingServlet.java

Modified: incubator/sling/trunk/microsling/microsling-core/src/main/java/org/apache/sling/microsling/slingservlets/DefaultSlingServlet.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/microsling/microsling-core/src/main/java/org/apache/sling/microsling/slingservlets/DefaultSlingServlet.java?rev=591054&r1=591053&r2=591054&view=diff
==============================================================================
--- incubator/sling/trunk/microsling/microsling-core/src/main/java/org/apache/sling/microsling/slingservlets/DefaultSlingServlet.java
(original)
+++ incubator/sling/trunk/microsling/microsling-core/src/main/java/org/apache/sling/microsling/slingservlets/DefaultSlingServlet.java
Thu Nov  1 08:31:05 2007
@@ -67,10 +67,13 @@
         final Resource  r = req.getResource();
         if (Resource.RESOURCE_TYPE_NON_EXISTING.equals(r.getResourceType())) {
 
-            URL url = getServletContext().getResource(r.getURI());
-            if (url != null) {
-                spool(url, resp);
-                return;
+            String path = r.getURI();
+            if (!path.startsWith("/WEB-INF") && !path.startsWith("/META-INF")) {
+                URL url = getServletContext().getResource(path);
+                if (url != null) {
+                    spool(url, resp);
+                    return;
+                }
             }
 
             throw new HttpStatusCodeException(HttpServletResponse.SC_NOT_FOUND,



Mime
View raw message