# tomcat-dev mailing list archives

##### Site index · List index
Message view
Top
From christopher hull <chris.h...@mediagate.com>
Subject Re: pathTranslated and pathInfo... More unsafe paths
Date Thu, 15 Mar 2001 02:00:09 GMT

Wow!  Thanks for the quick response.

The problem it turns out has nothing to do with spaces.  When
getResourceAsStream() can't find a resource, it displays a space just
after the root for convenience.  It turns out that getResourceAsStream
is case sensitive.  Is there a way to tell getResourceAsStream
not to be?

Thanks;
-Chris

Craig R. McClanahan wrote:

>
> On Wed, 14 Mar 2001, christopher hull wrote:
>
>
>> But wait...
>> /WEB-INF/../../env.xml
>> is inside of
>> /WEB-INF/../env.xml
>> (see example below)
>>
>
>
> When you start with a slash, that means you are resolving a URL relative
> to some "base".  The base that is used depends on the context you are
> using it in:
>
> * For things like request dispatchers, and ServletContext.getResource(),
>   the base is the context root of your web application.
>
> * For things sent to the browkser, like a hyperlink:
> 	<a href="/WEB-INF/../../env.xml">Click Me</a>
>   the link would be resolved (by the browser) against the server root
>   of your web server.
>
>
>> Do you have to specify all the sub-directories that a webapp uses?
>>
>> Also, I've noticed an interesting and occasionsl unsafe path where a
>> space is being introduced just before the path I supply to
>> getResourceAsStream.
>>
>> If I say servContext.getResourceAsStream("\path\foo.html");
>
>
> This is actually an invalid path.  URLs always use forward slashes, even
> if some browsers (and some servers) let you get away with backslashes.
>
>
>> I occasionally get an exception stating an unsafe path of...
>> w:\foo\bar\tomcat\webapps \path\foo.html
>>
>> A space is being introduced just before the path I supply, but only
>> sometimes.
>>
>
>
> Are you absolutely positive that the webapps directory is named
> "webapps" and not "webapps " (with a trailing space)?
>
>
>> Is there a reliable way to get the document root?
>
>
> You can get the context root of your webapp by calling:
> 	String rootPath =
>           getServletContext().getRealPath("/");
> if you are running under a servlet container that runs from unpacked
> directories (like Tomcat 3.2.1 does).  If you are running under a servlet
> container that runs web apps directly from a WAR file, there is no such
> thng as the pathname of the context root, and the above call will return
> null.
>
>
>> PathTranslated and PathInfo don't work the way they used to.
>>
>
>
> Tomcat 3.1 had bugs in these calls -- Tomcat 3.2.1 works correctly.
>
>
>> Running Tomcat 3.2.1
>>
>> -Chris
>>
>>
>
>
> Craig McClanahan

--

Christopher Hull
Engineering Group Manager, Senior Software Architect
Mediagate Inc.
iPost Card     http://web.mediagate.com/chris.hull
iPost Voice    408 261 7201
email          chris.hull@mediagate.com


Mime
View raw message