You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by mg...@apache.org on 2010/11/30 17:33:20 UTC

svn commit: r1040620 - /wicket/trunk/wicket/src/main/java/org/apache/wicket/request/resource/PackageResource.java

Author: mgrigorov
Date: Tue Nov 30 16:33:20 2010
New Revision: 1040620

URL: http://svn.apache.org/viewvc?rev=1040620&view=rev
Log:
Check the package resource's path for '../' and replace it with the configured placeholder.
If there is no configured placeholder then the resource guard will refuse to accept it.

Modified:
    wicket/trunk/wicket/src/main/java/org/apache/wicket/request/resource/PackageResource.java

Modified: wicket/trunk/wicket/src/main/java/org/apache/wicket/request/resource/PackageResource.java
URL: http://svn.apache.org/viewvc/wicket/trunk/wicket/src/main/java/org/apache/wicket/request/resource/PackageResource.java?rev=1040620&r1=1040619&r2=1040620&view=diff
==============================================================================
--- wicket/trunk/wicket/src/main/java/org/apache/wicket/request/resource/PackageResource.java (original)
+++ wicket/trunk/wicket/src/main/java/org/apache/wicket/request/resource/PackageResource.java Tue Nov 30 16:33:20 2010
@@ -30,6 +30,7 @@ import org.apache.wicket.util.lang.Packa
 import org.apache.wicket.util.lang.WicketObjects;
 import org.apache.wicket.util.resource.IResourceStream;
 import org.apache.wicket.util.resource.ResourceStreamNotFoundException;
+import org.apache.wicket.util.string.Strings;
 import org.apache.wicket.util.time.Time;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -132,17 +133,27 @@ public class PackageResource extends Abs
 		// Convert resource path to absolute path relative to base package
 		absolutePath = Packages.absolutePath(scope, name);
 
-		if (!accept(scope, name))
+		final String parentEscape = Application.get()
+			.getResourceSettings()
+			.getParentFolderPlaceholder();
+
+		if (Strings.isEmpty(parentEscape) == false)
+		{
+			path = Strings.replaceAll(name, "../", parentEscape + "/").toString();
+		}
+		else
+		{
+			path = name;
+		}
+
+		if (!accept(scope, path))
 		{
 			throw new PackageResourceBlockedException(
 				"Access denied to (static) package resource " + absolutePath +
 					". See IPackageResourceGuard");
 		}
 
-		// TODO WICKET-NG: Check path for ../
-
 		scopeName = scope.getName();
-		path = name;
 		this.locale = locale;
 		this.style = style;
 		this.variation = variation;