You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by la...@locus.apache.org on 2000/08/28 04:50:44 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util FileUtil.java
larryi 00/08/27 19:50:43
Modified: src/share/org/apache/tomcat/util Tag: tomcat_32
FileUtil.java
Log:
Apply fix to allow the use of ".." to tomcat_32 branch.
Revision Changes Path
No revision
No revision
1.9.2.2 +41 -5 jakarta-tomcat/src/share/org/apache/tomcat/util/FileUtil.java
Index: FileUtil.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/FileUtil.java,v
retrieving revision 1.9.2.1
retrieving revision 1.9.2.2
diff -u -r1.9.2.1 -r1.9.2.2
--- FileUtil.java 2000/07/11 20:11:58 1.9.2.1
+++ FileUtil.java 2000/08/28 02:50:43 1.9.2.2
@@ -1,7 +1,7 @@
/*
- * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/FileUtil.java,v 1.9.2.1 2000/07/11 20:11:58 nacho Exp $
- * $Revision: 1.9.2.1 $
- * $Date: 2000/07/11 20:11:58 $
+ * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/FileUtil.java,v 1.9.2.2 2000/08/28 02:50:43 larryi Exp $
+ * $Revision: 1.9.2.2 $
+ * $Date: 2000/08/28 02:50:43 $
*
* ====================================================================
*
@@ -130,12 +130,48 @@
*/
public static String safePath( String base, String path ) {
// Hack for Jsp ( and other servlets ) that use rel. paths
- if( ! path.startsWith("/") ) path="/"+ path;
+ // if( ! path.startsWith("/") ) path="/"+ path;
String normP=path;
if( path.indexOf('\\') >=0 )
normP= path.replace('\\', '/');
-
+
+ if ( !normP.startsWith("/"))
+ normP = "/" + normP;
+
+ int index = normP.indexOf("/../");
+ if (index >= 0) {
+
+ // Clean out "//" and "/./" so they will not be confused
+ // with real parent directories
+ int index2 = 0;
+ while ((index2 = normP.indexOf("//", index2)) >= 0) {
+ normP = normP.substring(0, index2) +
+ normP.substring(index2 + 1);
+ if (index2 < index)
+ index--;
+ }
+ index2 = 0;
+ while ((index2 = normP.indexOf("/./", index2)) >= 0) {
+ normP = normP.substring(0, index2) +
+ normP.substring(index2 + 2);
+ if (index2 < index)
+ index -= 2;
+ }
+
+ // Remove cases of "/{directory}/../"
+ while (index >= 0) {
+ // If no parent directory to remove, return null
+ if (index == 0)
+ return (null); // Trying to leave our context
+ index2 = normP.lastIndexOf('/', index-1);
+ normP = normP.substring(0, index2) +
+ normP.substring(index + 3);
+ index = normP.indexOf("/../", index2);
+ }
+
+ }
+
String realPath= base + normP;
// Probably not needed - it will be used on the local FS