billbarker 02/01/08 23:43:20 Modified: src/share/org/apache/tomcat/modules/generators StaticInterceptor.java Log: Make the (redundant) check for WEB-INF optional. This was reported against 4.x as bug #5724. However, in our case it actually prevents things that are explicitly promised to work in the spec. Revision Changes Path 1.18 +25 -11 jakarta-tomcat/src/share/org/apache/tomcat/modules/generators/StaticInterceptor.java
Index: StaticInterceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/generators/StaticInterceptor.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- StaticInterceptor.java 31 Dec 2001 22:26:34 -0000 1.17
+++ StaticInterceptor.java 9 Jan 2002 07:43:20 -0000 1.18
@@ -78,6 +78,7 @@
 int realFileNote=-1;
 boolean useAcceptLanguage=true;
 String charset=null;
+ private boolean extraSafety=false;
 public StaticInterceptor() {
 }
@@ -103,7 +104,13 @@
 public void setUseCharset(String charset) {
 this.charset=charset;
 }
-
+ /** Request extra safety checks.
+ * Defaults to <code>false</code> since it also prevents
+ * certain include/forwards from working.
+ */
+ public void setExtraSafety(boolean safe) {
+ extraSafety = safe;
+ }
 public void engineInit(ContextManager cm) throws TomcatException {
 // if( debug>0 ) log("Engine init " );
@@ -125,6 +132,7 @@
 fileHandler.setModule( this );
 fileHandler.setContext( ctx );
 fileHandler.setNoteId( realFileNote );
+ fileHandler.setExtraSafety(extraSafety);
 ctx.addServlet( fileHandler );
 dirHandler.setNoteId( realFileNote );
@@ -268,6 +276,7 @@
 final class FileHandler extends Handler {
 int realFileNote;
 Context context;
+ private boolean extraSafety=false;
 FileHandler() {
 // setOrigin( Handler.ORIGIN_INTERNAL );
@@ -278,6 +287,9 @@
 this.context=ctx;
 }
+ public void setExtraSafety(boolean safe) {
+ extraSafety = safe;
+ }
 public void setNoteId( int n ) {
 realFileNote=n;
 }
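Review bot: The Javadoc added on `setExtraSafety` in the `@@ -103,7 +104,13 @@` hunk does not say what the extra check is, so an operator reading it cannot tell that leaving the default `false` switches off this handler's own rejection of WEB-INF and META-INF paths. The commit log calls the check redundant, which presumably means another module rejects those paths before the file handler runs; that module is not visible in this diff and the comment should name it. Suggested wording: `Enables this handler's own rejection of paths under WEB-INF and META-INF. When false (the default), protection of those directories relies entirely on <name of the upstream check>.` The same sentence would fit the undocumented `FileHandler.setExtraSafety` added in the `@@ -278,6 +287,9 @@` hunk.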
@@ -379,17 +391,19 @@
 log("Ends with \\/. " + absPath);
 return null;
 }
- if (absPath.length() > base.length())
- {
- String relPath=absPath.substring( base.length() + 1);
- if( debug>0) log( "RelPath = " + relPath );
-
- String relPathU=relPath.toUpperCase();
- if ( relPathU.startsWith("WEB-INF") ||
- relPathU.startsWith("META-INF") ||
- (relPathU.indexOf("/WEB-INF/") >= 0) ||
- (relPathU.indexOf("/META-INF/") >= 0) ) {
+ if(extraSafety) {
+ if (absPath.length() > base.length())
+ {
+ String relPath=absPath.substring( base.length() + 1);
+ if( debug>0) log( "RelPath = " + relPath );
+
+ String relPathU=relPath.toUpperCase();
+ if ( relPathU.startsWith("WEB-INF") ||
+ relPathU.startsWith("META-INF") ||
+ (relPathU.indexOf("/WEB-INF/") >= 0) ||
+ (relPathU.indexOf("/META-INF/") >= 0) ) {
 return null;
+ }
 }
 }
 return absPath;
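Review bot: `relPath.toUpperCase()` inside the new `if(extraSafety)` block uses the JVM's default locale, so the result is locale-dependent and under some default locales (Turkish is the usual example) the upper-cased name no longer equals "WEB-INF" and the guard does not fire; pass an explicit locale, `String relPathU=relPath.toUpperCase(Locale.ENGLISH);`, which needs `java.util.Locale` imported. The bare `startsWith("WEB-INF")` and `startsWith("META-INF")` tests also reject unrelated names that merely share the prefix, such as a directory called WEB-INFO, so matching the exact name or `"WEB-INF/"` would make the check more precise for those who enable it. The enclosing method starts and ends outside the hunk, and whether `absPath` can carry backslash separators at this point is not visible, so the `/WEB-INF/` tests should be confirmed against the path form actually passed in.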