author | Greg Wilkins | 2013-08-23 07:17:34 +0000 |
---|---|---|
committer | Greg Wilkins | 2013-08-23 07:17:34 +0000 |
commit | d2ff4758345035299a3c39fa49aa99a4c0315e78 (patch) | |
tree | 8f99cf9e951d50a69d50cf8c623dced476490f8a /jetty-server | |
parent | c4583918a3febd3df66632545fce9fb0849be65d (diff) | |
parent | b33b5f2f5d1d7d69b8fb3c3b0ef85c9fd94036a8 (diff) | |
Merge remote-tracking branch 'origin/jetty-8'
Conflicts:
jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
jetty-util/src/main/java/org/eclipse/jetty/util/resource/FileResource.java
tests/test-webapps/test-jetty-webapp/src/main/config/webapps.demo/test.xml
Diffstat (limited to 'jetty-server')
-rw-r--r-- | jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java | 48 | ||||
-rw-r--r-- | jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java | 6 |
2 files changed, 50 insertions, 4 deletions
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java index 94c2be1617..961c9a540e 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java @@ -1590,23 +1590,46 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu path = URIUtil.canonicalPath(path); Resource resource = _baseResource.addPath(path); + System.err.println(); + System.err.println("resource="+resource); + try + { + System.err.println("path="+path); + System.err.println("resource="+resource); + System.err.println("resource.getURI()="+resource.getURI()); + System.err.println("resource.getURL()="+resource.getURL()); + System.err.println("resource.getAlias()="+resource.getAlias()); + System.err.println("resource.getFile() ="+resource.getFile()); + System.err.println("resource.getFile().getCanonicalPath()="+resource.getFile().getCanonicalPath()); + System.err.println("resource.getFile().getAbsolutePath() ="+resource.getFile().getAbsolutePath()); + System.err.println("resource.exists() ="+resource.exists()); + } + catch(Exception e) + { + e.printStackTrace(); + } + // Is the resource aliased? if (resource.getAlias() != null) { if (LOG.isDebugEnabled()) LOG.debug("Aliased resource: " + resource + "~=" + resource.getAlias()); + System.err.println("ALIAS="+resource.getAlias()); // alias checks for (Iterator<AliasCheck> i=_aliasChecks.iterator();i.hasNext();) { AliasCheck check = i.next(); + System.err.println("check="+check); if (check.check(path,resource)) { + System.err.println("OK???"); if (LOG.isDebugEnabled()) LOG.debug("Aliased resource: " + resource + " approved by " + check); return resource; } } + System.err.println("NULL ALIAS"); return null; } 
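Review bot: The `System.err.println` block added after `_baseResource.addPath(path)`, and the `e.printStackTrace()` in its catch, write the request path, the canonical and absolute file paths and the alias to stderr on every lookup, outside the `LOG` level control the surrounding code already uses. `resource.getFile()` is dereferenced without a null check, so a resource with no backing file would presumably throw inside the try and print a stack trace on each call. These lines look like merge-time debugging and should be dropped or reduced to `if (LOG.isDebugEnabled()) LOG.debug("resource=" + resource + " alias=" + resource.getAlias());`. The same applies to the `ALIAS=`, `check=`, `OK???` and `NULL ALIAS` prints further down in this hunk; the enclosing method starts and ends outside it.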
@@ -2587,8 +2610,13 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu * Eg. a symbolic link from /foobar.html to /somewhere/wibble.html would be * approved because both the resource and alias end with ".html". */ + @Deprecated public static class ApproveSameSuffixAliases implements AliasCheck { + { + LOG.warn("ApproveSameSuffixAlias is not safe for production"); + } + @Override public boolean check(String path, Resource resource) { @@ -2606,8 +2634,13 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu * Eg. a symbolic link from /dirA/foobar.html to /dirB/foobar.html would be * approved because both the resource and alias end with "/foobar.html". */ + @Deprecated public static class ApprovePathPrefixAliases implements AliasCheck { + { + LOG.warn("ApprovePathPrefixAliases is not safe for production"); + } + @Override public boolean check(String path, Resource resource) { @@ -2618,6 +2651,7 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu return resource.toString().endsWith(suffix); } } + /* ------------------------------------------------------------ */ /** Approve Aliases of a non existent directory. * If a directory "/foobar/" does not exist, then the resource is @@ -2628,11 +2662,17 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu @Override public boolean check(String path, Resource resource) { - int slash = path.lastIndexOf('/'); - if (slash<0 || resource.exists()) + if (resource.exists()) return false; - String suffix=path.substring(slash); - return resource.getAlias().toString().endsWith(suffix); + + String a=resource.getAlias().toString(); + String r=resource.getURL().toString(); + + if (a.length()>r.length()) + return a.startsWith(r) && a.length()==r.length()+1 && a.endsWith("/"); + else + return r.startsWith(a) && r.length()==a.length()+1 && r.endsWith("/"); } } + } 
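Review bot: The warning added to `ApproveSameSuffixAliases` names the class as `ApproveSameSuffixAlias`, so a log search for the real class name will miss it; it should read `LOG.warn("ApproveSameSuffixAliases is not safe for production");`. Both this class and `ApprovePathPrefixAliases` in the next hunk gain `@Deprecated` without a Javadoc `@deprecated` tag, so the reason is visible only at runtime. I would add a line such as `@deprecated approves an alias on a suffix match alone, so a link to an unrelated target is accepted; not safe for production` to each class comment.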
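Review bot: The rewritten `check` in the last hunk approves only when the alias and `resource.getURL()` differ by exactly one trailing `/`, but that rule has to be worked out from two symmetric branches and the names `a` and `r`. A comment such as `// approve only if alias and URL are identical apart from one trailing '/'` above the comparison, and locals named `alias` and `url`, would make the intent reviewable. The comparison is made on `toString()` forms, so it presumably relies on both values being rendered the same way; a mismatch fails closed, which is the safe direction, but it is worth pinning in a test. `ContextHandlerGetResourceTest`, added by this commit, is still an empty class, and the header of the class being changed is outside the hunk.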
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java
new file mode 100644
index 0000000000..b7995a9a63
--- /dev/null
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/handler/ContextHandlerGetResourceTest.java
@@ -0,0 +1,6 @@
+package org.eclipse.jetty.server.handler;
+
+public class ContextHandlerGetResourceTest
+{
+
+}
|