Posted to dev@tomcat.apache.org by Larry Isaacs <La...@sas.com> on 2000/07/06 20:29:50 UTC
RE: cvs commit: jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets DefaultServlet.java
Just a quick note. I built Catalina with your updated file. Currently, the WEB-INF and META-INF tests are case sensitive. Thus, on a Windows system, "/web-inf" and "/meta-inf" will display the directory.
Larry
-----Original Message-----
From: Craig R. McClanahan [mailto:craigmcc@locus.apache.org]
Sent: Thursday, July 06, 2000 1:21 PM
To: jakarta-tomcat-cvs@apache.org
Subject: cvs commit:
jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets
DefaultServlet.java
craigmcc 00/07/06 10:21:26
Modified: proposals/catalina/src/share/org/apache/tomcat/servlets
DefaultServlet.java
Log:
Prevent serving files from any /META-INF subdirectory as well as /WEB-INF.
Previously, the default servlet only prevented serving META-INF as a directory.
Revision Changes Path
1.10 +7 -6 jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets/DefaultServlet.java
Index: DefaultServlet.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets/DefaultServlet.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- DefaultServlet.java 2000/06/24 19:48:56 1.9
+++ DefaultServlet.java 2000/07/06 17:21:24 1.10
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets/DefaultServlet.java,v 1.9 2000/06/24 19:48:56 remm Exp $
- * $Revision: 1.9 $
- * $Date: 2000/06/24 19:48:56 $
+ * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets/DefaultServlet.java,v 1.10 2000/07/06 17:21:24 craigmcc Exp $
+ * $Revision: 1.10 $
+ * $Date: 2000/07/06 17:21:24 $
*
* ====================================================================
*
@@ -104,7 +104,7 @@
*
* @author Craig R. McClanahan
* @author Remy Maucherat
- * @version $Revision: 1.9 $ $Date: 2000/06/24 19:48:56 $
+ * @version $Revision: 1.10 $ $Date: 2000/07/06 17:21:24 $
*/
public final class DefaultServlet
@@ -1072,8 +1072,9 @@
return;
}
- // Exclude any resource in the /WEB-INF subdirectory
- if (servletPath.startsWith("/WEB-INF")) {
+ // Exclude any resource in the /WEB-INF and /META-INF subdirectories
+ if (servletPath.startsWith("/WEB-INF") ||
+ servletPath.startsWith("/META-INF")) {
response.sendError(HttpServletResponse.SC_NOT_FOUND, servletPath);
return;
}
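Review bot: The `startsWith("/WEB-INF")` and `startsWith("/META-INF")` tests added at line 1075 compare case-sensitively, so on a case-insensitive file system a request for "/web-inf" or "/meta-inf" does not reach the `sendError(HttpServletResponse.SC_NOT_FOUND, ...)` branch. Compare without regard to case, and in a way that does not depend on the default locale (for example `servletPath.regionMatches(true, 0, "/WEB-INF", 0, 8)`), before deciding the path is servable.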
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
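The case-sensitivity problem reported in this message, shown as an added example that is not part of the original thread or of Tomcat's code: a check that ignores case and matches only on a path-segment boundary. The class name `ProtectedPathCheck`, the method `isProtected` and the sample paths are hypothetical. It assumes the servlet path has already been URL-decoded and normalized by the container.

```java
import java.util.List;

public final class ProtectedPathCheck {

    // Directories the default servlet must never serve (named in the commit log).
    private static final List<String> PROTECTED = List.of("/WEB-INF", "/META-INF");

    /** Returns true if servletPath names a protected directory or anything below it. */
    static boolean isProtected(String servletPath) {
        for (String dir : PROTECTED) {
            int n = dir.length();
            // regionMatches(ignoreCase = true, ...) compares character by character
            // and ignores the default locale, unlike a bare toUpperCase(), which
            // turns "web-inf" into "WEB-\u0130NF" under a Turkish default locale.
            // It also returns false when servletPath is shorter than dir.
            boolean prefixMatches = servletPath.regionMatches(true, 0, dir, 0, n);
            // Require a segment boundary so "/WEB-INFO.html" stays servable.
            if (prefixMatches
                    && (servletPath.length() == n || servletPath.charAt(n) == '/')) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from the thread.
        String[] samples = {
            "/WEB-INF/web.xml", "/web-inf/web.xml", "/Meta-Inf/MANIFEST.MF",
            "/META-INF", "/WEB-INFO.html", "/index.html"
        };
        for (String p : samples) {
            System.out.printf("%-24s %s%n", p, isProtected(p) ? "404" : "serve");
        }
    }
}
```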
Re: cvs commit: jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets DefaultServlet.java
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Larry Isaacs wrote:
> Just a quick note. I built Catalina with your updated file. Currently, the WEB-INF and META-INF tests are case sensitive. Thus, on a Windows system, "/web-inf" and "/meta-inf" will display the directory.
>
Thanks ... I will fix that one soon.
>
> Larry
>
Craig
>
> -----Original Message-----
> From: Craig R. McClanahan [mailto:craigmcc@locus.apache.org]
> Sent: Thursday, July 06, 2000 1:21 PM
> To: jakarta-tomcat-cvs@apache.org
> Subject: cvs commit:
> jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets
> DefaultServlet.java
>
> craigmcc 00/07/06 10:21:26
>
> Modified: proposals/catalina/src/share/org/apache/tomcat/servlets
> DefaultServlet.java
> Log:
> Prevent serving files from any /META-INF subdirectory as well as /WEB-INF.
> Previously, the default servlet only prevented serving META-INF as a directory.
>
> Revision Changes Path
> 1.10 +7 -6 jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets/DefaultServlet.java
>
> Index: DefaultServlet.java
> ===================================================================
> RCS file: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets/DefaultServlet.java,v
> retrieving revision 1.9
> retrieving revision 1.10
> diff -u -r1.9 -r1.10
> --- DefaultServlet.java 2000/06/24 19:48:56 1.9
> +++ DefaultServlet.java 2000/07/06 17:21:24 1.10
> @@ -1,7 +1,7 @@
> /*
> - * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets/DefaultServlet.java,v 1.9 2000/06/24 19:48:56 remm Exp $
> - * $Revision: 1.9 $
> - * $Date: 2000/06/24 19:48:56 $
> + * $Header: /home/cvs/jakarta-tomcat/proposals/catalina/src/share/org/apache/tomcat/servlets/DefaultServlet.java,v 1.10 2000/07/06 17:21:24 craigmcc Exp $
> + * $Revision: 1.10 $
> + * $Date: 2000/07/06 17:21:24 $
> *
> * ====================================================================
> *
> @@ -104,7 +104,7 @@
> *
> * @author Craig R. McClanahan
> * @author Remy Maucherat
> - * @version $Revision: 1.9 $ $Date: 2000/06/24 19:48:56 $
> + * @version $Revision: 1.10 $ $Date: 2000/07/06 17:21:24 $
> */
>
> public final class DefaultServlet
> @@ -1072,8 +1072,9 @@
> return;
> }
>
> - // Exclude any resource in the /WEB-INF subdirectory
> - if (servletPath.startsWith("/WEB-INF")) {
> + // Exclude any resource in the /WEB-INF and /META-INF subdirectories
> + if (servletPath.startsWith("/WEB-INF") ||
> + servletPath.startsWith("/META-INF")) {
> response.sendError(HttpServletResponse.SC_NOT_FOUND, servletPath);
> return;
> }
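Review bot: The two prefix tests in this hunk match on characters rather than on a path segment, so `servletPath.startsWith("/WEB-INF")` also sends SC_NOT_FOUND for an unrelated resource whose name merely begins with those letters, such as "/WEB-INFO.html". Treat the path as excluded only when it equals the directory name or continues with "/", and apply the same rule to the "/META-INF" test.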