You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tapestry.apache.org by th...@apache.org on 2021/04/04 13:32:13 UTC

[tapestry-5] branch 5.6.x updated: TAP5-2670: Better handling of slashes in context asset URLs

This is an automated email from the ASF dual-hosted git repository.

thiagohp pushed a commit to branch 5.6.x
in repository https://gitbox.apache.org/repos/asf/tapestry-5.git


The following commit(s) were added to refs/heads/5.6.x by this push:
     new 4d2f9cf  TAP5-2670: Better handling of slashes in context asset URLs
4d2f9cf is described below

commit 4d2f9cf94f547cfd5be7f56dc3ab142d299a1b6c
Author: Thiago H. de Paula Figueiredo <th...@arsmachina.com.br>
AuthorDate: Sun Apr 4 10:32:03 2021 -0300

    TAP5-2670: Better handling of slashes in context asset URLs
---
 .../internal/services/assets/ContextAssetRequestHandler.java       | 2 +-
 .../internal/services/assets/ContextAssetRequestHandlerTest.java   | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
index 473eded..88580f6 100644
--- a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
+++ b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
@@ -35,7 +35,7 @@ public class ContextAssetRequestHandler implements AssetRequestHandler
 
     private final Resource rootContextResource;
 
-    private final Pattern illegal = Pattern.compile("^(/*((web|meta)-inf.*)|(.*\\.tml$))", Pattern.CASE_INSENSITIVE);
+    private final Pattern illegal = Pattern.compile("^([\\\\/]*((web|meta)-inf.*)|(.*\\.tml$))", Pattern.CASE_INSENSITIVE);
 
     public ContextAssetRequestHandler(ResourceStreamer resourceStreamer, Resource rootContextResource)
     {
diff --git a/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java b/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java
index 767ed12..46a3e3c 100644
--- a/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java
+++ b/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java
@@ -30,7 +30,12 @@ public class ContextAssetRequestHandlerTest extends TestBase
                         {"web-Inf/classes/hibernate.cfg.xml"},
                         {"Meta-Inf/MANIFEST.mf"},
                         {"Index.tml"},
-                        {"folder/FolderIndex.TML"}};
+                        {"folder/FolderIndex.TML"},
+                        {"\\WEB-INF/something.jpg"},
+                        {"\\//WEB-INF/something.jpg"},
+                        {"//WEB-INF/something.jpg"},
+                        {"//\\\\WEB-INF/something.jpg"}
+                };
     }
 
     @Test(dataProvider = "invalid_paths")