You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/03/17 23:28:42 UTC
svn commit: r1578637 - in /tomcat/tc7.0.x/trunk: ./ conf/web.xml
java/org/apache/catalina/servlets/DefaultServlet.java
webapps/docs/default-servlet.xml
Author: markt
Date: Mon Mar 17 22:28:42 2014
New Revision: 1578637
URL: http://svn.apache.org/r1578637
Log:
Redefine globalXsltFile as relative to CATALINA_BASE/conf or CATALINA_HOME/conf
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/conf/web.xml
tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
tomcat/tc7.0.x/trunk/webapps/docs/default-servlet.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1578610
Modified: tomcat/tc7.0.x/trunk/conf/web.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/conf/web.xml?rev=1578637&r1=1578636&r2=1578637&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/conf/web.xml (original)
+++ tomcat/tc7.0.x/trunk/conf/web.xml Mon Mar 17 22:28:42 2014
@@ -88,10 +88,10 @@
<!-- globalXsltFile[null] -->
<!-- -->
<!-- globalXsltFile Site wide configuration version of -->
- <!-- localXsltFile This argument is expected -->
- <!-- to be a physical file. [null] -->
- <!-- -->
- <!-- -->
+ <!-- localXsltFile. This argument must be a -->
+ <!-- relative path that points to a location below -->
+ <!-- either $CATALINA_BASE/conf (checked first) -->
+ <!-- or $CATALINA_BASE/conf (checked second).[null] -->
<servlet>
<servlet-name>default</servlet-name>
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1578637&r1=1578636&r2=1578637&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Mon Mar 17 22:28:42 2014
@@ -14,8 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
-
package org.apache.catalina.servlets;
@@ -36,6 +34,7 @@ import java.io.StringReader;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Iterator;
+import java.util.Locale;
import java.util.StringTokenizer;
import javax.naming.InitialContext;
@@ -1606,20 +1605,24 @@ public class DefaultServlet
/* Open and read in file in one fell swoop to reduce chance
* chance of leaving handle open.
*/
- if (globalXsltFile!=null) {
- FileInputStream fis = null;
-
- try {
- File f = new File(globalXsltFile);
- if (f.exists()){
- fis =new FileInputStream(f);
+ if (globalXsltFile != null) {
+ File f = validateGlobalXsltFile();
+ if (f != null && f.exists()){
+ FileInputStream fis = null;
+ try {
+ fis = new FileInputStream(f);
byte b[] = new byte[(int)f.length()]; /* danger! */
fis.read(b);
return new ByteArrayInputStream(b);
+ } finally {
+ if (fis != null) {
+ try {
+ fis.close();
+ } catch (IOException ioe) {
+ // Ignore
+ }
+ }
}
- } finally {
- if (fis!=null)
- fis.close();
}
}
@@ -1628,6 +1631,50 @@ public class DefaultServlet
}
+ private File validateGlobalXsltFile() {
+
+ File result = null;
+ String base = System.getProperty(Globals.CATALINA_BASE_PROP);
+
+ if (base != null) {
+ File baseConf = new File(base, "conf");
+ result = validateGlobalXsltFile(baseConf);
+ }
+
+ if (result == null) {
+ String home = System.getProperty(Globals.CATALINA_HOME_PROP);
+ if (home != null) {
+ File homeConf = new File(home, "conf");
+ result = validateGlobalXsltFile(homeConf);
+ }
+ }
+
+ return result;
+ }
+
+
+ private File validateGlobalXsltFile(File base) {
+ File candidate = new File(base, globalXsltFile);
+
+ // First check that the resulting path is under the provided base
+ try {
+ if (!candidate.getCanonicalPath().startsWith(base.getCanonicalPath())) {
+ return null;
+ }
+ } catch (IOException ioe) {
+ return null;
+ }
+
+ // Next check that an .xlt or .xslt file has been specified
+ String nameLower = candidate.getName().toLowerCase(Locale.ENGLISH);
+ if (!nameLower.endsWith(".xslt") && !nameLower.endsWith(".xlt")) {
+ return null;
+ }
+
+ return candidate;
+ }
+
+
// -------------------------------------------------------- protected Methods
Modified: tomcat/tc7.0.x/trunk/webapps/docs/default-servlet.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/default-servlet.xml?rev=1578637&r1=1578636&r2=1578637&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/default-servlet.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/default-servlet.xml Mon Mar 17 22:28:42 2014
@@ -110,11 +110,12 @@ The DefaultServlet allows the following
<th valign='top'>globalXsltFile</th>
<td valign='top'>
If you wish to customize your directory listing, you
- can use an XSL transformation. This value is an absolute
- file name which be used for all directory listings.
- This can be overridden per context and/or per directory. See
- <strong>contextXsltFile</strong> and <strong>localXsltFile</strong>
- below. The format of the xml is shown below.
+ can use an XSL transformation. This value is a relative file name (to
+ either $CATALINA_BASE/conf/ or $CATALINA_HOME/conf/) which will be used
+ for all directory listings. This can be overridden per context and/or
+ per directory. See <strong>contextXsltFile</strong> and
+ <strong>localXsltFile</strong> below. The format of the xml is shown
+ below.
</td>
</tr>
<tr>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org