You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by co...@locus.apache.org on 2000/03/07 20:17:40 UTC

cvs commit: jakarta-tomcat/src/examples/WEB-INF/classes/examples ShowSource.java

costin      00/03/07 11:17:40

  Modified:    src/examples/WEB-INF/classes/examples ShowSource.java
  Log:
  Fixed ShowSource.java - don't display files with .. in path.
  
  Revision  Changes    Path
  1.2       +4 -0      jakarta-tomcat/src/examples/WEB-INF/classes/examples/ShowSource.java
  
  Index: ShowSource.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/examples/WEB-INF/classes/examples/ShowSource.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- ShowSource.java	1999/11/20 06:13:50	1.1
  +++ ShowSource.java	2000/03/07 19:17:40	1.2
  @@ -20,6 +20,10 @@
       }
   
       public int doEndTag() throws JspException {
  +	if( jspFile.indexOf( ".." ) >= 0 ) {
  +	    out.println("<body><h1>Invalid file " + jspFile + "</h1></body>");
  +	    return;
  +	}
           InputStream in
               = pageContext.getServletContext().getResourceAsStream(jspFile);