remm 02/02/27 11:06:35
Modified: catalina/src/share/org/apache/naming/resources
FileDirContext.java
Log:
- Add protection against going above the base path.
Revision Changes Path
1.11 +11 -6
jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java
Index: FileDirContext.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- FileDirContext.java 27 Feb 2002 01:17:00 -0000 1.10
+++ FileDirContext.java 27 Feb 2002 19:06:35 -0000 1.11
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v
1.10 2002/02/27 01:17:00 craigmcc Exp $
- * $Revision: 1.10 $
- * $Date: 2002/02/27 01:17:00 $
+ * $Header:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v
1.11 2002/02/27 19:06:35 remm Exp $
+ * $Revision: 1.11 $
+ * $Date: 2002/02/27 19:06:35 $
*
* ====================================================================
*
@@ -99,7 +99,7 @@
* Filesystem Directory Context implementation helper class.
*
* @author Remy Maucherat
- * @version $Revision: 1.10 $ $Date: 2002/02/27 01:17:00 $
+ * @version $Revision: 1.11 $ $Date: 2002/02/27 19:06:35 $
*/
public class FileDirContext extends BaseDirContext {
@@ -853,8 +853,13 @@
* @param name Normalized context-relative path (with leading '/')
*/
protected File file(String name) {
- if( File.separatorChar == '\\' )
- name = name.replace('/',File.separatorChar);
+
+ name = normalize(name);
+ if (name == null)
+ return (null);
+
+ if (File.separatorChar == '\\')
+ name = name.replace('/', File.separatorChar);
File file = new File(base, name);
if (file.exists() && file.canRead()) {
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
