Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 87709 invoked by uid 500); 14 Jun 2001 15:23:51 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: tomcat-dev@jakarta.apache.org Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 87662 invoked by uid 500); 14 Jun 2001 15:23:49 -0000 Delivered-To: apmail-jakarta-tomcat-cvs@apache.org Date: 14 Jun 2001 15:23:48 -0000 Message-ID: <20010614152348.87623.qmail@apache.org> From: marcsaeg@apache.org To: jakarta-tomcat-cvs@apache.org Subject: cvs commit: jakarta-tomcat/src/examples/WEB-INF/classes/examples ShowSource.java marcsaeg 01/06/14 08:23:47 Modified: src/examples/WEB-INF/classes/examples Tag: tomcat_32 ShowSource.java Log: The code that attempted to prevent exposing the contents of files in the WEB-INF and META-INF directories was broken and actually prevented source files from being displayed. PR: 372 Submitted by: Tony Robertson (tony_robertson@yahoo.com) Revision Changes Path No revision No revision 1.4.4.2 +2 -2 jakarta-tomcat/src/examples/WEB-INF/classes/examples/ShowSource.java Index: ShowSource.java =================================================================== RCS file: /home/cvs/jakarta-tomcat/src/examples/WEB-INF/classes/examples/ShowSource.java,v retrieving revision 1.4.4.1 retrieving revision 1.4.4.2 diff -u -r1.4.4.1 -r1.4.4.2 --- ShowSource.java 2000/12/10 03:07:51 1.4.4.1 +++ ShowSource.java 2001/06/14 15:23:46 1.4.4.2 @@ -21,8 +21,8 @@ public int doEndTag() throws JspException { if ((jspFile.indexOf( ".." ) >= 0) || - (jspFile.toUpperCase().indexOf("/WEB-INF/") != 0) || - (jspFile.toUpperCase().indexOf("/META-INF/") != 0)) + (jspFile.toUpperCase().indexOf("/WEB-INF/") >= 0) || + (jspFile.toUpperCase().indexOf("/META-INF/") >= 0)) throw new JspTagException("Invalid JSP file " + jspFile); InputStream in