tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From christopher hull <chris.h...@mediagate.com>
Subject Re: pathTranslated and pathInfo... More unsafe paths
Date Thu, 15 Mar 2001 02:00:09 GMT

Wow!  Thanks for the quick response.

The problem it turns out has nothing to do with spaces.  When 
getResourceAsStream() can't find a resource, it displays a space just 
after the root for convenience.  It turns out that getResourceAsStream
  is case sensitive.  Is there a way to tell getResourceAsStream
  not to be?

Thanks;
-Chris


Craig R. McClanahan wrote:

> 
> On Wed, 14 Mar 2001, christopher hull wrote:
> 
> 
>> But wait...
>> /WEB-INF/../../env.xml
>> is inside of
>> /WEB-INF/../env.xml
>> (see example below)
>> 
> 
> 
> When you start with a slash, that means you are resolving a URL relative
> to some "base".  The base that is used depends on the context you are
> using it in:
> 
> * For things like request dispatchers, and ServletContext.getResource(),
>   the base is the context root of your web application.
> 
> * For things sent to the browkser, like a hyperlink:
> 	<a href="/WEB-INF/../../env.xml">Click Me</a>
>   the link would be resolved (by the browser) against the server root
>   of your web server.
> 
> 
>> Do you have to specify all the sub-directories that a webapp uses?
>> 
>> Also, I've noticed an interesting and occasionsl unsafe path where a 
>> space is being introduced just before the path I supply to 
>> getResourceAsStream.
>> 
>> If I say servContext.getResourceAsStream("\path\foo.html");
> 
> 
> This is actually an invalid path.  URLs always use forward slashes, even
> if some browsers (and some servers) let you get away with backslashes.
> 
> 
>> I occasionally get an exception stating an unsafe path of...
>> w:\foo\bar\tomcat\webapps \path\foo.html
>> 
>> A space is being introduced just before the path I supply, but only 
>> sometimes.
>> 
> 
> 
> Are you absolutely positive that the webapps directory is named
> "webapps" and not "webapps " (with a trailing space)?
> 
> 
>> Is there a reliable way to get the document root?
> 
> 
> You can get the context root of your webapp by calling:
> 	String rootPath =
>           getServletContext().getRealPath("/");
> if you are running under a servlet container that runs from unpacked
> directories (like Tomcat 3.2.1 does).  If you are running under a servlet
> container that runs web apps directly from a WAR file, there is no such
> thng as the pathname of the context root, and the above call will return
> null.
> 
> 
>> PathTranslated and PathInfo don't work the way they used to.
>> 
> 
> 
> Tomcat 3.1 had bugs in these calls -- Tomcat 3.2.1 works correctly.
> 
> 
>> Running Tomcat 3.2.1
>> 
>> -Chris
>> 
>> 
> 
> 
> Craig McClanahan


-- 

Christopher Hull
Engineering Group Manager, Senior Software Architect
Mediagate Inc.
iPost Card     http://web.mediagate.com/chris.hull
iPost Voice    408 261 7201
email          chris.hull@mediagate.com


Mime
View raw message