tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lar...@apache.org
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/request AccessInterceptor.java
Date Fri, 16 Feb 2001 04:03:13 GMT
larryi      01/02/15 20:03:13

  Modified:    src/share/org/apache/tomcat/request Tag: tomcat_32
                        AccessInterceptor.java
  Log:
  According to the spec, a servlet mapped to the url-pattern "/abc/*" should
  be invoked if the URL "/abc" is used.  The prior fix allows "/abc" to fail
  to match "/abc/*" when used for a security-constraint allowing it to escape
  authorization.
  
  Porting the Tomcat 3.3 version of the fix that avoids this problem.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.12.2.6  +3 -1      jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/AccessInterceptor.java
  
  Index: AccessInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/Attic/AccessInterceptor.java,v
  retrieving revision 1.12.2.5
  retrieving revision 1.12.2.6
  diff -u -r1.12.2.5 -r1.12.2.6
  --- AccessInterceptor.java	2001/02/14 03:48:09	1.12.2.5
  +++ AccessInterceptor.java	2001/02/16 04:03:13	1.12.2.6
  @@ -321,7 +321,9 @@
   	
   	switch( ct.getMapType() ) {
   	case Container.PREFIX_MAP:
  -	    return path.startsWith( ctPath.substring(0, ctPathL - 1  ));
  +	    if( path.length() < ctPathL - 2  )
  +		return false;
  +	    return path.startsWith( ctPath.substring(0, ctPathL - 2  ));
   	case Container.EXTENSION_MAP:
   	    return ctPath.substring( 1 ).equals( URLUtil.getExtension( path ));
   	case Container.PATH_MAP:
  
  
  

Mime
View raw message