myfaces-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lu4...@apache.org
Subject svn commit: r1212649 - in /myfaces/core/trunk/shared/src: main/java/org/apache/myfaces/shared/resource/ResourceValidationUtils.java test/java/org/apache/myfaces/shared/resource/ test/java/org/apache/myfaces/shared/resource/ResourceValidationUtilsTest.java
Date Fri, 09 Dec 2011 21:39:22 GMT
Author: lu4242
Date: Fri Dec  9 21:39:21 2011
New Revision: 1212649

URL: http://svn.apache.org/viewvc?rev=1212649&view=rev
Log:
MYFACES-3414 MyFaces ResourceImpl$ValueExpressionFilterInputStream does not handle resolving
long URLs

Added:
    myfaces/core/trunk/shared/src/test/java/org/apache/myfaces/shared/resource/   (with props)
    myfaces/core/trunk/shared/src/test/java/org/apache/myfaces/shared/resource/ResourceValidationUtilsTest.java
  (with props)
Modified:
    myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/resource/ResourceValidationUtils.java

Modified: myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/resource/ResourceValidationUtils.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/resource/ResourceValidationUtils.java?rev=1212649&r1=1212648&r2=1212649&view=diff
==============================================================================
--- myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/resource/ResourceValidationUtils.java
(original)
+++ myfaces/core/trunk/shared/src/main/java/org/apache/myfaces/shared/resource/ResourceValidationUtils.java
Fri Dec  9 21:39:21 2011
@@ -99,7 +99,7 @@ public class ResourceValidationUtils
                 return false;
             }
         }
-        if (expression.length() > 3)
+        if (expression.length() >= 3)
         {
             int length = expression.length();
             if ( (expression.charAt(length-3) == '/' || expression.charAt(length-3) == '\\'
) && 

Propchange: myfaces/core/trunk/shared/src/test/java/org/apache/myfaces/shared/resource/
------------------------------------------------------------------------------
    bugtraq:number = true

Added: myfaces/core/trunk/shared/src/test/java/org/apache/myfaces/shared/resource/ResourceValidationUtilsTest.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/shared/src/test/java/org/apache/myfaces/shared/resource/ResourceValidationUtilsTest.java?rev=1212649&view=auto
==============================================================================
--- myfaces/core/trunk/shared/src/test/java/org/apache/myfaces/shared/resource/ResourceValidationUtilsTest.java
(added)
+++ myfaces/core/trunk/shared/src/test/java/org/apache/myfaces/shared/resource/ResourceValidationUtilsTest.java
Fri Dec  9 21:39:21 2011
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.myfaces.shared.resource;
+
+import org.apache.myfaces.test.base.junit4.AbstractJsfTestCase;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ResourceValidationUtilsTest extends AbstractJsfTestCase
+{
+    @Test
+    public void testLocaleNames() throws Exception
+    {
+        Assert.assertTrue(ResourceValidationUtils.isValidLocalePrefix("es_CO"));
+        Assert.assertTrue(ResourceValidationUtils.isValidLocalePrefix("de"));
+        Assert.assertTrue(ResourceValidationUtils.isValidLocalePrefix("de_AT"));
+        Assert.assertTrue(ResourceValidationUtils.isValidLocalePrefix("zh_CN_id"));
+        Assert.assertTrue(ResourceValidationUtils.isValidLocalePrefix("zh_CN_23"));
+        
+        Assert.assertFalse(ResourceValidationUtils.isValidLocalePrefix("de-AT"));
+        Assert.assertFalse(ResourceValidationUtils.isValidLocalePrefix("."));
+        Assert.assertFalse(ResourceValidationUtils.isValidLocalePrefix(".."));
+        Assert.assertFalse(ResourceValidationUtils.isValidLocalePrefix("zh_"+'\t'+"CN"));
+        Assert.assertFalse(ResourceValidationUtils.isValidLocalePrefix("\\.."));
+        Assert.assertFalse(ResourceValidationUtils.isValidLocalePrefix("/.."));
+        Assert.assertFalse(ResourceValidationUtils.isValidLocalePrefix("../"));
+        Assert.assertFalse(ResourceValidationUtils.isValidLocalePrefix("..\\"));
+        Assert.assertFalse(ResourceValidationUtils.isValidLocalePrefix(".."));
+    }
+    
+    @Test
+    public void testLibraryNames() throws Exception
+    {
+        Assert.assertTrue(ResourceValidationUtils.isValidLibraryName("mylib"));
+        Assert.assertTrue(ResourceValidationUtils.isValidLibraryName("org.apache.myfaces"));
+        Assert.assertTrue(ResourceValidationUtils.isValidLibraryName("some-js-lib"));
+        Assert.assertTrue(ResourceValidationUtils.isValidLibraryName("some_js_lib"));
+
+        Assert.assertFalse(ResourceValidationUtils.isValidLibraryName("/mylib"));
+        Assert.assertFalse(ResourceValidationUtils.isValidLibraryName("mylib"+'\t'+"22"));
+        Assert.assertFalse(ResourceValidationUtils.isValidLibraryName("\\mylib"));
+        Assert.assertFalse(ResourceValidationUtils.isValidLibraryName(".."));
+        Assert.assertFalse(ResourceValidationUtils.isValidLibraryName("some:js"));
+        Assert.assertFalse(ResourceValidationUtils.isValidLibraryName("some?js"));
+        Assert.assertFalse(ResourceValidationUtils.isValidLibraryName("some&js"));
+    }
+
+    @Test
+    public void testResourceNames() throws Exception
+    {
+        Assert.assertTrue(ResourceValidationUtils.isValidResourceName("myres"));
+        Assert.assertTrue(ResourceValidationUtils.isValidResourceName("myres.css"));
+        Assert.assertTrue(ResourceValidationUtils.isValidResourceName("/myres"));
+        Assert.assertTrue(ResourceValidationUtils.isValidResourceName("/mydir/./myres.css"));
+        Assert.assertTrue(ResourceValidationUtils.isValidResourceName("org.apache.myfaces"));
+        Assert.assertTrue(ResourceValidationUtils.isValidResourceName("my_res_file.css"));
+        Assert.assertTrue(ResourceValidationUtils.isValidResourceName("my-res-file.css"));
+        
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("myres"+'\t'+"22"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("\\myres"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName(".."));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("../"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("/.."));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("\\.."));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("..\\"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("myres.css/.."));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("myres.css\\.."));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("../myres.css"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("..\\myres.css"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("my/../res.css"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("my\\../res.css"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("my/..\\res.css"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("/mydir/../myres.css"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("my_res:file.css"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("my_res?file.css"));
+        Assert.assertFalse(ResourceValidationUtils.isValidResourceName("my_res&file.css"));
+    }
+}

Propchange: myfaces/core/trunk/shared/src/test/java/org/apache/myfaces/shared/resource/ResourceValidationUtilsTest.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message