tomcat-dev mailing list archives

From r...@apache.org
Subject cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core ApplicationContext.java
Date Wed, 27 Feb 2002 19:20:18 GMT
remm        02/02/27 11:20:18

  Modified:    catalina/src/share/org/apache/catalina/core Tag:
                        tomcat_40_branch ApplicationContext.java
  Log:
  - Port patch.
  - Normalize RequestDispatcher (RD) paths, so that we prevent getting an RD for a
    path below the context path.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.32.2.1  +41 -4     jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationContext.java
  
  Index: ApplicationContext.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationContext.java,v
  retrieving revision 1.32
  retrieving revision 1.32.2.1
  diff -u -r1.32 -r1.32.2.1
  --- ApplicationContext.java	11 Sep 2001 01:34:50 -0000	1.32
  +++ ApplicationContext.java	27 Feb 2002 19:20:18 -0000	1.32.2.1
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationContext.java,v
1.32 2001/09/11 01:34:50 remm Exp $
  - * $Revision: 1.32 $
  - * $Date: 2001/09/11 01:34:50 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/ApplicationContext.java,v
1.32.2.1 2002/02/27 19:20:18 remm Exp $
  + * $Revision: 1.32.2.1 $
  + * $Date: 2002/02/27 19:20:18 $
    *
    * ====================================================================
    *
  @@ -113,7 +113,7 @@
    *
    * @author Craig R. McClanahan
    * @author Remy Maucherat
  - * @version $Revision: 1.32 $ $Date: 2001/09/11 01:34:50 $
  + * @version $Revision: 1.32.2.1 $ $Date: 2002/02/27 19:20:18 $
    */
   
   public class ApplicationContext
  @@ -569,6 +569,8 @@
           if (!path.startsWith("/"))
               throw new IllegalArgumentException
                 (sm.getString("applicationContext.requestDispatcher.iae", path));
  +        if (normalize(path) == null)
  +            return (null);
   
           // Construct a "fake" request to be mapped by our Context
           String contextPath = context.getPath();
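Review bot: The added check calls `normalize(path)` only to test for null and discards the result, so the code after it still maps the original `path` with any backslashes and `..` segments intact. If the dispatcher is meant to be resolved against the canonical path, assign the result instead: `path = normalize(path);` followed by `if (path == null) return (null);`. If `path` can still carry a query string at this point (not visible in the hunk), it should be split off before normalizing, otherwise a `/../` inside the query is treated as a path segment. The method body starts and ends outside this hunk.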
  @@ -997,6 +999,41 @@
   
   
       // -------------------------------------------------------- Private Methods
  +
  +
  +    /**
  +     * Return a context-relative path, beginning with a "/", that represents
  +     * the canonical version of the specified path after ".." and "." elements
  +     * are resolved out.  If the specified path attempts to go outside the
  +     * boundaries of the current context (i.e. too many ".." path elements
  +     * are present), return <code>null</code> instead.
  +     *
  +     * @param path Path to be normalized
  +     */
  +    private String normalize(String path) {
  +
  +	String normalized = path;
  +
  +	// Normalize the slashes and add leading slash if necessary
  +	if (normalized.indexOf('\\') >= 0)
  +	    normalized = normalized.replace('\\', '/');
  +
  +	// Resolve occurrences of "/../" in the normalized path
  +	while (true) {
  +	    int index = normalized.indexOf("/../");
  +	    if (index < 0)
  +		break;
  +	    if (index == 0)
  +		return (null);	// Trying to go outside our context
  +	    int index2 = normalized.lastIndexOf('/', index - 1);
  +	    normalized = normalized.substring(0, index2) +
  +		normalized.substring(index + 3);
  +	}
  +
  +	// Return the normalized path that we have completed
  +	return (normalized);
  +
  +    }
   
   
       /**
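Review bot: `normalize()` only recognises `..` when it appears as `/../`, so a path ending in `/..` with no trailing slash is returned unchanged and never reaches the `return (null)` branch. The Javadoc also promises that `.` elements are resolved, and the first inline comment promises a leading slash is added, but the code does neither. I would treat a trailing `/..` or `/.` as a full segment and add a `/./` loop ahead of the `/../` loop, as sketched below, and change the first comment to `// Normalize backslashes to forward slashes`. The Javadoc should gain an `@return` line stating that null means the path leaves the context. The new lines are indented with tabs, while the context lines of the hunk use spaces.

```java
    private String normalize(String path) {
        // … unchanged: copy of path and backslash replacement …

        // Treat a trailing "/.." or "/." as a complete segment so the
        // loops below resolve it like any other occurrence
        if (normalized.endsWith("/..") || normalized.endsWith("/."))
            normalized = normalized + "/";

        // Resolve occurrences of "/./" in the normalized path
        while (true) {
            int index = normalized.indexOf("/./");
            if (index < 0)
                break;
            normalized = normalized.substring(0, index) +
                normalized.substring(index + 2);
        }

        // … unchanged: "/../" resolution loop and return …
```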
  
  
  
