You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by mg...@apache.org on 2012/02/24 15:09:47 UTC

git commit: WICKET-4427 possible to bypass PackageResourceGuard

Updated Branches:
  refs/heads/wicket-1.4.x 85abf151e -> 0bb3c3825


WICKET-4427 possible to bypass PackageResourceGuard


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/0bb3c382
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/0bb3c382
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/0bb3c382

Branch: refs/heads/wicket-1.4.x
Commit: 0bb3c3825c39bc27b32fa1f47e38e338856c2fae
Parents: 85abf15
Author: martin-g <mg...@apache.org>
Authored: Fri Feb 24 15:09:45 2012 +0100
Committer: martin-g <mg...@apache.org>
Committed: Fri Feb 24 15:09:45 2012 +0100

----------------------------------------------------------------------
 .../wicket/markup/html/PackageResourceGuard.java   |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/0bb3c382/wicket/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
----------------------------------------------------------------------
diff --git a/wicket/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java b/wicket/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
index f0d2e5d..dd1ae88 100644
--- a/wicket/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
+++ b/wicket/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
@@ -88,7 +88,7 @@ public class PackageResourceGuard implements IPackageResourceGuard
 		}
 		else
 		{
-			ext = path.substring(ixExtension + 1).toLowerCase();
+			ext = path.substring(ixExtension + 1).toLowerCase().trim();
 		}
 
 		if ("html".equals(ext) &&
@@ -149,6 +149,10 @@ public class PackageResourceGuard implements IPackageResourceGuard
 	 */
 	protected boolean acceptFile(String file)
 	{
+		if (file != null)
+		{
+			file = file.trim();
+		}
 		return (!blockedFiles.contains(file));
 	}