You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by co...@apache.org on 2001/01/06 00:56:37 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/jasper/runtime JspServlet.java
costin 01/01/05 15:56:37
Modified: src/share/org/apache/jasper/runtime Tag: J2EE_TOMCAT_30_1
JspServlet.java
Log:
Extra check for JSPs on Windows, similar with the one for static files.
Revision Changes Path
No revision
No revision
1.11.4.1 +17 -0 jakarta-tomcat/src/share/org/apache/jasper/runtime/Attic/JspServlet.java
Index: JspServlet.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/jasper/runtime/Attic/JspServlet.java,v
retrieving revision 1.11
retrieving revision 1.11.4.1
diff -u -r1.11 -r1.11.4.1
--- JspServlet.java 1999/12/13 05:58:50 1.11
+++ JspServlet.java 2001/01/05 23:56:36 1.11.4.1
@@ -349,6 +349,23 @@
System.err.println("\t\t "+name+" = "+request.getParameter(name));
}
}
+
+ if (File.separatorChar == '\\') {
+ // Checks similar with DefaultServlet
+ String realPath=getServletConfig().getServletContext().
+ getRealPath(jspUri);
+ File file=new File( realPath );
+ String absPath = file.getAbsolutePath();
+ String canPath = file.getCanonicalPath();
+
+ absPath = org.apache.tomcat.util.FileUtil.patch(absPath);
+
+ if(!absPath.equals(canPath)) {
+ response.sendError(response.SC_NOT_FOUND);
+ return;
+ }
+ }
+
serviceJspFile(request, response, jspUri, null, precompile);
} catch (RuntimeException e) {