You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tapestry.apache.org by hl...@apache.org on 2005/03/12 23:58:23 UTC
cvs commit: jakarta-tapestry/framework/src/java/org/apache/tapestry/asset AssetService.java
hlship 2005/03/12 14:58:23
Modified: framework/src/java/org/apache/tapestry/asset
AssetService.java
Log:
TAPESTRY-281: Fix security loop-hole caused by asset service.
Add a service encoding specialized for the asset service.
Revision Changes Path
1.11 +2 -2 jakarta-tapestry/framework/src/java/org/apache/tapestry/asset/AssetService.java
Index: AssetService.java
===================================================================
RCS file: /home/cvs/jakarta-tapestry/framework/src/java/org/apache/tapestry/asset/AssetService.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- AssetService.java 12 Mar 2005 20:49:15 -0000 1.10
+++ AssetService.java 12 Mar 2005 22:58:23 -0000 1.11
@@ -135,13 +135,13 @@
if (externalURL != null)
return new StaticLink(externalURL);
- String md5 = _digestSource.getDigestForResource(path);
+ String digest = _digestSource.getDigestForResource(path);
Map parameters = new HashMap();
parameters.put(ServiceConstants.SERVICE, Tapestry.ASSET_SERVICE);
parameters.put(PATH, path);
- parameters.put(DIGEST, md5);
+ parameters.put(DIGEST, digest);
// Service is stateless, which is the exception to the rule.
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-dev-help@jakarta.apache.org