You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by la...@apache.org on 2002/01/09 07:33:38 UTC
cvs commit: jakarta-tomcat/src/facade22/org/apache/tomcat/facade JspInterceptor.java
larryi 02/01/08 22:33:38
Modified: src/facade22/org/apache/tomcat/facade JspInterceptor.java
Log:
Avoid NPE when setDependency() is hit with an unsafe path. Return 404
in this situation.
Revision Changes Path
1.34 +11 -2 jakarta-tomcat/src/facade22/org/apache/tomcat/facade/JspInterceptor.java
Index: JspInterceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/facade22/org/apache/tomcat/facade/JspInterceptor.java,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- JspInterceptor.java 30 Nov 2001 04:37:12 -0000 1.33
+++ JspInterceptor.java 9 Jan 2002 06:33:38 -0000 1.34
@@ -602,9 +602,14 @@
ctx.getAbsolutePath(),
jspFile );
- // register the handler as dependend of the jspfile
+ // register the handler as dependent on the jspfile
if( dep==null ) {
dep=setDependency( ctx, mangler, handler );
+ // if dep is null then path is unsafe, return "not found"
+ if( dep == null ) {
+ return 404;
+ }
+
// update the servlet class name
handler.setServletClassName( mangler.getServletClassName() );
@@ -908,7 +913,11 @@
// create a lastModified checker.
if( debug>0) log.log("Registering dependency for " + handler );
Dependency dep=new Dependency();
- dep.setOrigin( new File(mangler.getJspFilePath()) );
+ String jspFilePath = mangler.getJspFilePath();
+ // if unsafe path, return null
+ if( jspFilePath == null )
+ return null;
+ dep.setOrigin( new File(jspFilePath) );
dep.setTarget( handler );
dep.setLocal( true );
File f=new File( mangler.getClassFileName() );
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>