You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by "Ignacio J. Ortega" <na...@locus.apache.org> on 2000/07/07 00:55:37 UTC
cvs commit: jakarta-tomcat/src/webpages/WEB-INF web.xml
nacho 00/07/06 15:55:37
Modified: src/admin/WEB-INF web.xml
src/doc/appdev web.xml.txt
src/doc/appdev/sample/etc web.xml
src/etc web.xml
src/examples/WEB-INF web.xml
src/j2ee/org/apache/tomcat/deployment web.xml
src/share/org/apache/jasper/resources messages.properties
messages_es.properties
src/share/org/apache/tomcat/core LocalStrings_es.properties
src/share/org/apache/tomcat/request JDBCRealm.java
StaticInterceptor.java
src/tests/webpages/WEB-INF web.xml
src/webpages/WEB-INF web.xml
Log:
Bug StaticInterceptor now it blocks WEB-INF and META-INF
and some typos in web.xml (various)
All of them found by Larry Issacs,
Revision Changes Path
1.2 +1 -1 jakarta-tomcat/src/admin/WEB-INF/web.xml
Index: web.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/admin/WEB-INF/web.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- web.xml 2000/02/18 18:33:03 1.1
+++ web.xml 2000/07/06 22:55:32 1.2
@@ -2,7 +2,7 @@
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
- "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
+ "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
</web-app>
1.2 +3 -1 jakarta-tomcat/src/doc/appdev/web.xml.txt
Index: web.xml.txt
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/doc/appdev/web.xml.txt,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- web.xml.txt 2000/03/05 05:35:18 1.1
+++ web.xml.txt 2000/07/06 22:55:33 1.2
@@ -1,4 +1,6 @@
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
+<!DOCTYPE web-app
+ PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
+ "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
1.2 +2 -1 jakarta-tomcat/src/doc/appdev/sample/etc/web.xml
Index: web.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/doc/appdev/sample/etc/web.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- web.xml 2000/03/28 02:36:22 1.1
+++ web.xml 2000/07/06 22:55:33 1.2
@@ -1,4 +1,5 @@
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
+<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
+ "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
1.2 +1 -1 jakarta-tomcat/src/etc/web.xml
Index: web.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/etc/web.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- web.xml 2000/02/09 23:26:28 1.1
+++ web.xml 2000/07/06 22:55:33 1.2
@@ -2,7 +2,7 @@
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
- "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
+ "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<servlet>
1.11 +1 -1 jakarta-tomcat/src/examples/WEB-INF/web.xml
Index: web.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/examples/WEB-INF/web.xml,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- web.xml 2000/06/29 18:01:27 1.10
+++ web.xml 2000/07/06 22:55:34 1.11
@@ -2,7 +2,7 @@
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
- "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
+ "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<servlet>
1.2 +1 -1 jakarta-tomcat/src/j2ee/org/apache/tomcat/deployment/web.xml
Index: web.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/j2ee/org/apache/tomcat/deployment/web.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- web.xml 2000/02/11 00:22:29 1.1
+++ web.xml 2000/07/06 22:55:34 1.2
@@ -2,7 +2,7 @@
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
- "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
+ "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<servlet>
1.19 +1 -1 jakarta-tomcat/src/share/org/apache/jasper/resources/messages.properties
Index: messages.properties
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/jasper/resources/messages.properties,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- messages.properties 2000/07/04 14:22:28 1.18
+++ messages.properties 2000/07/06 22:55:35 1.19
@@ -175,7 +175,7 @@
\n\
<!DOCTYPE web-app\n\
\ PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"\n\
-\ "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">\n\
+\ "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">\n\
<!-- automatically created by tomcat jspc -->\n\
<web-app>\n\
\n
1.5 +2 -2 jakarta-tomcat/src/share/org/apache/jasper/resources/messages_es.properties
Index: messages_es.properties
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/jasper/resources/messages_es.properties,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- messages_es.properties 2000/07/04 14:22:29 1.4
+++ messages_es.properties 2000/07/06 22:55:35 1.5
@@ -1,4 +1,4 @@
-# $Id: messages_es.properties,v 1.4 2000/07/04 14:22:29 nacho Exp $
+# $Id: messages_es.properties,v 1.5 2000/07/06 22:55:35 nacho Exp $
#
# Default localized string information
# Localized para Locale es_ES
@@ -174,7 +174,7 @@
\n\
<!DOCTYPE web-app\n\
\ PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"\n\
-\ "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">\n\
+\ "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">\n\
<!-- automatically created by tomcat jspc -->\n\
<web-app>\n\
\n
1.3 +3 -3 jakarta-tomcat/src/share/org/apache/tomcat/core/LocalStrings_es.properties
Index: LocalStrings_es.properties
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/LocalStrings_es.properties,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- LocalStrings_es.properties 2000/04/08 00:02:18 1.2
+++ LocalStrings_es.properties 2000/07/06 22:55:35 1.3
@@ -1,10 +1,10 @@
-# $Id: LocalStrings_es.properties,v 1.2 2000/04/08 00:02:18 craigmcc Exp $
+# $Id: LocalStrings_es.properties,v 1.3 2000/07/06 22:55:35 nacho Exp $
#
# Localized strings for package org.apache.tomcat.core
-# This is the default locale and is en_US
+# This is the Spanish Locale
-scfacade.getresource.npe=La ruta de acceso es nula
+scfacade.getresource.npe=La ruta de acceso no existe
scfacade.getresource.iae=La ruta de acceso {0} no es absoluta para la base de este contexto.
scfacade.context.iae=La rutas de acceso de Servlet deben comenzar con /: {0}
scfacade.dispatcher.iae=La ruta de accesso al Request dispatcher debe empezar con /: {0}
1.10 +2 -1 jakarta-tomcat/src/share/org/apache/tomcat/request/JDBCRealm.java
Index: JDBCRealm.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/JDBCRealm.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- JDBCRealm.java 2000/06/24 17:12:01 1.9
+++ JDBCRealm.java 2000/07/06 22:55:36 1.10
@@ -279,7 +279,8 @@
* @param credentials Password or other credentials to use in
* authenticating this username
*/
- public synchronized boolean authenticate(String username, String credentials) {
+ public synchronized boolean authenticate(String username
+ , String credentials) {
try {
// Establish the database connection if necessary
1.8 +28 -16 jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java
Index: StaticInterceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/StaticInterceptor.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- StaticInterceptor.java 2000/06/28 20:37:09 1.7
+++ StaticInterceptor.java 2000/07/06 22:55:36 1.8
@@ -306,16 +306,17 @@
log("Ends with \\/. " + absPath);
return null;
}
-
- String relPath=absPath.substring( base.length());
- if( debug>0) log( "RelPath = " + relPath );
-
- String relPathU=relPath.toUpperCase();
- if ( relPathU.startsWith("WEB-INF") ||
- relPathU.startsWith("META-INF")) {
- return null;
- }
-
+ if (absPath.length() > base.length())
+ {
+ String relPath=absPath.substring( base.length() + 1);
+ if( debug>0) log( "RelPath = " + relPath );
+
+ String relPathU=relPath.toUpperCase();
+ if ( relPathU.startsWith("WEB-INF") ||
+ relPathU.startsWith("META-INF")) {
+ return null;
+ }
+ }
return absPath;
}
@@ -361,7 +362,18 @@
String absPath=ctx.getRealPath( pathInfo );
File file = new File( absPath );
String requestURI=subReq.getRequestURI();
-
+ String base = ctx.getAbsolutePath();
+ if (absPath.length() > base.length())
+ {
+ String relPath=absPath.substring( base.length() + 1);
+ String relPathU=relPath.toUpperCase();
+ if ( relPathU.startsWith("WEB-INF") ||
+ relPathU.startsWith("META-INF")) {
+ context.getContextManager().handleStatus( req, res, 404);
+ return;
+ }
+ }
+
StringBuffer buf = new StringBuffer();
if (! inInclude) {
@@ -421,11 +433,11 @@
String fileName = fileNames[i];
// Don't display special dirs at top level
- if( "/".equals(pathInfo) &&
- "WEB-INF".equalsIgnoreCase(fileName) ||
- "META-INF".equalsIgnoreCase(fileName) )
- continue;
-
+ if( (pathInfo.length() == 0 || "/".equals(pathInfo)) &&
+ "WEB-INF".equalsIgnoreCase(fileName) ||
+ "META-INF".equalsIgnoreCase(fileName) )
+ continue;
+
File f = new File(file, fileName);
if (f.isDirectory()) {
1.7 +1 -1 jakarta-tomcat/src/tests/webpages/WEB-INF/web.xml
Index: web.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/tests/webpages/WEB-INF/web.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- web.xml 2000/04/03 22:23:41 1.6
+++ web.xml 2000/07/06 22:55:37 1.7
@@ -2,7 +2,7 @@
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
- "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
+ "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<servlet>
1.5 +1 -1 jakarta-tomcat/src/webpages/WEB-INF/web.xml
Index: web.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/webpages/WEB-INF/web.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- web.xml 1999/10/28 05:21:36 1.4
+++ web.xml 2000/07/06 22:55:37 1.5
@@ -2,7 +2,7 @@
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
- "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
+ "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
</web-app>