You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by hl...@apache.org on 2005/03/13 00:10:23 UTC
cvs commit: jakarta-tapestry/framework/src/java/org/apache/tapestry/asset ResourceDigestSourceImpl.java
hlship 2005/03/12 15:10:23
Modified: framework/src/scripts TestLocalization.xml
TestAssetService.xml TestRelativeAssets.xml
framework/src/java/org/apache/tapestry/asset
ResourceDigestSourceImpl.java
Log:
TAPESTRY-281: Fix security loop-hole caused by asset service.
Add a service encoding specialized for the asset service.
Revision Changes Path
1.6 +3 -3 jakarta-tapestry/framework/src/scripts/TestLocalization.xml
Index: TestLocalization.xml
===================================================================
RCS file: /home/cvs/jakarta-tapestry/framework/src/scripts/TestLocalization.xml,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- TestLocalization.xml 12 Mar 2005 20:49:15 -0000 1.5
+++ TestLocalization.xml 12 Mar 2005 23:10:22 -0000 1.6
@@ -65,7 +65,7 @@
<assert-output name="English Home image">
<![CDATA[
-/mock/app?md5=980b1f24a8d2381f7fa75b095989f7e7&path=%2Forg%2Fapache%2Ftapestry%2Fjunit%2Fmock%2Fapp%2Fhome.png&service=asset
+/mock/app?digest=980b1f24a8d2381f7fa75b095989f7e7&path=%2Forg%2Fapache%2Ftapestry%2Fjunit%2Fmock%2Fapp%2Fhome.png&service=asset
]]>
</assert-output>
@@ -86,7 +86,7 @@
<assert-output name="French Home image">
<![CDATA[
-/mock/app?md5=64c0a48177b614031fcd8039550334ed&path=%2Forg%2Fapache%2Ftapestry%2Fjunit%2Fmock%2Fapp%2Fhome_fr.png&service=asset
+/mock/app?digest=64c0a48177b614031fcd8039550334ed&path=%2Forg%2Fapache%2Ftapestry%2Fjunit%2Fmock%2Fapp%2Fhome_fr.png&service=asset
]]>
</assert-output>
@@ -134,7 +134,7 @@
<assert-output name="French Home image">
<![CDATA[
-/mock/app?md5=64c0a48177b614031fcd8039550334ed&path=%2Forg%2Fapache%2Ftapestry%2Fjunit%2Fmock%2Fapp%2Fhome_fr.png&service=asset
+/mock/app?digest=64c0a48177b614031fcd8039550334ed&path=%2Forg%2Fapache%2Ftapestry%2Fjunit%2Fmock%2Fapp%2Fhome_fr.png&service=asset
]]>
</assert-output>
1.5 +2 -2 jakarta-tapestry/framework/src/scripts/TestAssetService.xml
Index: TestAssetService.xml
===================================================================
RCS file: /home/cvs/jakarta-tapestry/framework/src/scripts/TestAssetService.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- TestAssetService.xml 12 Mar 2005 20:49:15 -0000 1.4
+++ TestAssetService.xml 12 Mar 2005 23:10:22 -0000 1.5
@@ -32,14 +32,14 @@
<assert-output name="Image Tag">
<![CDATA[
-<img src="/c16/app?md5=f6324ac8f24f0a7f4850221b0f14c865&path=%2Forg%2Fapache%2Ftapestry%2Fjunit%2Fmock%2Fc16%2Flogo.png&service=asset" border="0"/>
+<img src="/c16/app?digest=f6324ac8f24f0a7f4850221b0f14c865&path=%2Forg%2Fapache%2Ftapestry%2Fjunit%2Fmock%2Fc16%2Flogo.png&service=asset" border="0"/>
]]>
</assert-output>
</request>
<request>
<parameter name="service" value="asset"/>
- <parameter name="md5" value="f6324ac8f24f0a7f4850221b0f14c865"/>
+ <parameter name="digest" value="f6324ac8f24f0a7f4850221b0f14c865"/>
<parameter name="path" value="/org/apache/tapestry/junit/mock/c16/logo.png"/>
<assert-output-stream name="Image Content"
1.5 +1 -1 jakarta-tapestry/framework/src/scripts/TestRelativeAssets.xml
Index: TestRelativeAssets.xml
===================================================================
RCS file: /home/cvs/jakarta-tapestry/framework/src/scripts/TestRelativeAssets.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- TestRelativeAssets.xml 12 Mar 2005 20:49:15 -0000 1.4
+++ TestRelativeAssets.xml 12 Mar 2005 23:10:22 -0000 1.5
@@ -37,7 +37,7 @@
<assert-output name="Private Asset">
<![CDATA[
-/mock/app?md5=a87e71b10295ea577a18c087e8cc035d&path=%2Forg%2Fapache%2Ftapestry%2Fjunit%2Fmock%2Fapp%2Fimages%2FPrivateAsset.gif&service=asset
+/mock/app?digest=a87e71b10295ea577a18c087e8cc035d&path=%2Forg%2Fapache%2Ftapestry%2Fjunit%2Fmock%2Fapp%2Fimages%2FPrivateAsset.gif&service=asset
]]>
</assert-output>
1.2 +1 -1 jakarta-tapestry/framework/src/java/org/apache/tapestry/asset/ResourceDigestSourceImpl.java
Index: ResourceDigestSourceImpl.java
===================================================================
RCS file: /home/cvs/jakarta-tapestry/framework/src/java/org/apache/tapestry/asset/ResourceDigestSourceImpl.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ResourceDigestSourceImpl.java 12 Mar 2005 20:49:15 -0000 1.1
+++ ResourceDigestSourceImpl.java 12 Mar 2005 23:10:23 -0000 1.2
@@ -76,7 +76,7 @@
try
{
- MessageDigest digest = MessageDigest.getInstance("DIGEST");
+ MessageDigest digest = MessageDigest.getInstance("MD5");
stream = new BufferedInputStream(url.openStream());
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-dev-help@jakarta.apache.org