tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ignacio J. Ortega" <na...@locus.apache.org>
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/resources LocalStrings_en.properties
Date Thu, 06 Jul 2000 23:26:12 GMT
nacho       00/07/06 16:26:12

  Modified:    src/share/org/apache/tomcat/request Tag: tomcat_32
                        StaticInterceptor.java
               src/share/org/apache/tomcat/resources Tag: tomcat_32
                        LocalStrings_en.properties
  Log:
  BugFix:
  StaticInterceptor now it blocks WEB-INF and META-INF
  
  and some typos in web.xml (various)
  
  All of them found by Larry Issacs,
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.7.2.1   +28 -16    jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java
  
  Index: StaticInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java,v
  retrieving revision 1.7
  retrieving revision 1.7.2.1
  diff -u -r1.7 -r1.7.2.1
  --- StaticInterceptor.java	2000/06/28 20:37:09	1.7
  +++ StaticInterceptor.java	2000/07/06 23:26:11	1.7.2.1
  @@ -306,16 +306,17 @@
   	    log("Ends with \\/. " + absPath);
   	    return null;
   	}
  -
  -	String relPath=absPath.substring( base.length());
  -	if( debug>0) log( "RelPath = " + relPath );
  -
  -	String relPathU=relPath.toUpperCase();
  -        if ( relPathU.startsWith("WEB-INF") ||
  -	     relPathU.startsWith("META-INF")) {
  -	    return null;
  -        }
  -
  +    if (absPath.length() > base.length())
  +	{
  +		String relPath=absPath.substring( base.length() + 1);
  +		if( debug>0) log( "RelPath = " + relPath );
  +
  +		String relPathU=relPath.toUpperCase();
  +		if ( relPathU.startsWith("WEB-INF") ||
  +				relPathU.startsWith("META-INF")) {
  +			return null;
  +		}
  +	}
   	return absPath;
       }
   
  @@ -361,7 +362,18 @@
   	String absPath=ctx.getRealPath( pathInfo );
   	File file = new File( absPath );
   	String requestURI=subReq.getRequestURI();
  -	
  +	String base = ctx.getAbsolutePath();
  +	if (absPath.length() > base.length())
  +	{
  +		String relPath=absPath.substring( base.length() + 1);
  +		String relPathU=relPath.toUpperCase();
  +		if ( relPathU.startsWith("WEB-INF") ||
  +				relPathU.startsWith("META-INF")) {
  +			context.getContextManager().handleStatus( req, res, 404);
  +			return;
  +		}
  +	}
  +
   	StringBuffer buf = new StringBuffer();
   	
   	if (! inInclude) {
  @@ -421,11 +433,11 @@
   	    String fileName = fileNames[i];
   
               // Don't display special dirs at top level
  -	    if( "/".equals(pathInfo) &&
  -		"WEB-INF".equalsIgnoreCase(fileName) ||
  -		"META-INF".equalsIgnoreCase(fileName) )
  -		continue;
  -	    
  +	    if( (pathInfo.length() == 0 || "/".equals(pathInfo)) &&
  +     		"WEB-INF".equalsIgnoreCase(fileName) ||
  + 	    	"META-INF".equalsIgnoreCase(fileName) )
  +    		continue;
  +
   	    File f = new File(file, fileName);
   
   	    if (f.isDirectory()) {
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.1.2.2   +1 -1      jakarta-tomcat/src/share/org/apache/tomcat/resources/LocalStrings_en.properties
  
  Index: LocalStrings_en.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/resources/LocalStrings_en.properties,v
  retrieving revision 1.1.2.1
  retrieving revision 1.1.2.2
  diff -u -r1.1.2.1 -r1.1.2.2
  --- LocalStrings_en.properties	2000/07/06 23:23:07	1.1.2.1
  +++ LocalStrings_en.properties	2000/07/06 23:26:11	1.1.2.2
  @@ -2,7 +2,7 @@
   #
   
   # Localized strings for package org.apache.tomcat.core
  -# This is the default locale and is en_US
  +# This is the en Locale
   
   # StaticInterceptor
   defaultservlet.directorylistingfor=Directory Listing for:
  
  
  

Mime
View raw message