Posted to commits@tapestry.apache.org by hl...@apache.org on 2010/04/19 15:46:41 UTC

svn commit: r935564 - /tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java

Author: hlship
Date: Mon Apr 19 13:46:40 2010
New Revision: 935564

URL: http://svn.apache.org/viewvc?rev=935564&view=rev
Log:
Ensure that the ContextAssetRequestHandler will forbid access to .tml files as well.

Modified:
    tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java

Modified: tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java?rev=935564&r1=935563&r2=935564&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java (original)
+++ tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java Mon Apr 19 13:46:40 2010
@@ -35,7 +35,7 @@ public class ContextAssetRequestHandler 
 
     private final Resource rootContextResource;
 
-    private final Pattern illegal = Pattern.compile("^(web|meta)-inf/.*", Pattern.CASE_INSENSITIVE);
+    private final Pattern illegal = Pattern.compile("^(((web|meta)-inf.*)|(.*\\.tml$))", Pattern.CASE_INSENSITIVE);
 
     public ContextAssetRequestHandler(ResourceStreamer resourceStreamer, Resource rootContextResource)
     {
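Review bot: The first alternative of the new `illegal` pattern no longer requires a `/` after `-inf`, so it rejects any context path that merely starts with `web-inf` or `meta-inf` (a folder named `web-info/`, for example) rather than only the two protected directories. If the intent was to also cover the bare directory name, `Pattern.compile("^(web|meta)-inf(/.*)?$|.*\\.tml$", Pattern.CASE_INSENSITIVE)` does that without the over-match and gives the same result under `matches()` or `find()`. Both alternatives are a deny-list over the raw string, so they only hold if the path reaching the matcher is already decoded and normalized, with no leading `/` or `./` segment. The matching code is outside this hunk, so that is worth confirming and pinning with a test covering `WEB-INF`, `META-INF/x` and a `.tml` file in a subfolder.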