You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tapestry.apache.org by th...@apache.org on 2021/04/04 13:32:13 UTC
[tapestry-5] branch 5.6.x updated: TAP5-2670: Better handling of
slashes in context asset URLs
This is an automated email from the ASF dual-hosted git repository.
thiagohp pushed a commit to branch 5.6.x
in repository https://gitbox.apache.org/repos/asf/tapestry-5.git
The following commit(s) were added to refs/heads/5.6.x by this push:
new 4d2f9cf TAP5-2670: Better handling of slashes in context asset URLs
4d2f9cf is described below
commit 4d2f9cf94f547cfd5be7f56dc3ab142d299a1b6c
Author: Thiago H. de Paula Figueiredo <th...@arsmachina.com.br>
AuthorDate: Sun Apr 4 10:32:03 2021 -0300
TAP5-2670: Better handling of slashes in context asset URLs
---
.../internal/services/assets/ContextAssetRequestHandler.java | 2 +-
.../internal/services/assets/ContextAssetRequestHandlerTest.java | 7 ++++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
index 473eded..88580f6 100644
--- a/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
+++ b/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
@@ -35,7 +35,7 @@ public class ContextAssetRequestHandler implements AssetRequestHandler
private final Resource rootContextResource;
- private final Pattern illegal = Pattern.compile("^(/*((web|meta)-inf.*)|(.*\\.tml$))", Pattern.CASE_INSENSITIVE);
+ private final Pattern illegal = Pattern.compile("^([\\\\/]*((web|meta)-inf.*)|(.*\\.tml$))", Pattern.CASE_INSENSITIVE);
public ContextAssetRequestHandler(ResourceStreamer resourceStreamer, Resource rootContextResource)
{
diff --git a/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java b/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java
index 767ed12..46a3e3c 100644
--- a/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java
+++ b/tapestry-core/src/test/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandlerTest.java
@@ -30,7 +30,12 @@ public class ContextAssetRequestHandlerTest extends TestBase
{"web-Inf/classes/hibernate.cfg.xml"},
{"Meta-Inf/MANIFEST.mf"},
{"Index.tml"},
- {"folder/FolderIndex.TML"}};
+ {"folder/FolderIndex.TML"},
+ {"\\WEB-INF/something.jpg"},
+ {"\\//WEB-INF/something.jpg"},
+ {"//WEB-INF/something.jpg"},
+ {"//\\\\WEB-INF/something.jpg"}
+ };
}
@Test(dataProvider = "invalid_paths")