Posted to dev@tomcat.apache.org by Alexander Leyke <al...@cs.com> on 2003/02/18 21:14:02 UTC

JSP @include directive

Hi,

I need to use an include directive in a JSP that points to a file physically 
located outside the directory tree for the Web application context. I tested 
two forms of the include directive: <%@include file="/../inc/name.inc" %> and 
<%@include file="/symlink/name.inc" %>.

As far as I can tell from the Tomcat 4.1.18 sources, the former is forbidden, 
i.e., one cannot specify a path that goes beyond the application context. The 
latter is OK, as long as 
org.apache.naming.resources.FileDirContext.setAllowLinking() has been 
called with a true argument. Symlinks are disallowed by default and I 
don't see any place in the code where the setAllowLinking method gets 
called. Sounds like a problem to me.

Please tell me if the above behavior is erroneous, and how I can cope with 
this situation.
Thank you,
Alex


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Re: JSP @include directive

Posted by Remy Maucherat <re...@apache.org>.
Alexander Leyke wrote:
> Hi,
> 
> I need to use an include directive in a JSP that points to a file physically 
> located outside the directory tree for the Web application context. I tested 
> two forms of the include directive: <%@include file="/../inc/name.inc" %> and 
> <%@include file="/symlink/name.inc" %>.
> 
> As far as I can tell from the Tomcat 4.1.18 sources, the former is forbidden, 
> i.e., one cannot specify a path that goes beyond the application context. The 
> latter is OK, as long as 
> org.apache.naming.resources.FileDirContext.setAllowLinking() has been 
> called with a true argument.

You have to use a Resources element for that to be called.

Remy
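
The two include forms discussed in this thread, as an added Java example (not Tomcat's code and not written by either poster): a resolver that always refuses a path climbing out of the context root with "..", and refuses a symlinked path unless an allowLinking flag is set. The class IncludePathCheck, the method resolve and the temporary directory layout are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration, not Tomcat source. Class and method names are hypothetical.
public class IncludePathCheck {

    /** Resolve a context-relative path under docBase; return null when refused. */
    static File resolve(File docBase, String path, boolean allowLinking) throws IOException {
        File base = docBase.getCanonicalFile();
        // java.io.File treats the leading "/" of the child as relative to base.
        File target = new File(base, path);
        // Lexical normalization collapses ".." without touching the filesystem.
        Path lexical = target.toPath().normalize();
        // Form 1, "/../inc/name.inc": climbs above the context root. Always refused.
        if (!lexical.startsWith(base.toPath())) {
            return null;
        }
        // Form 2, "/symlink/name.inc": stays inside lexically, but the canonical
        // path (links resolved) differs. Refused unless linking is allowed.
        File canonical = target.getCanonicalFile();
        if (!allowLinking && !canonical.toPath().equals(lexical)) {
            return null;
        }
        return canonical.isFile() ? canonical : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/webapp is the context root, <tmp>/inc is outside
        // it, and webapp/symlink is a link to inc. Needs symlink support.
        Path root = Files.createTempDirectory("ctx-demo").toRealPath();
        Path docBase = Files.createDirectory(root.resolve("webapp"));
        Path inc = Files.createDirectory(root.resolve("inc"));
        Files.write(inc.resolve("name.inc"), "shared fragment".getBytes());
        Files.createSymbolicLink(docBase.resolve("symlink"), inc);

        File base = docBase.toFile();
        System.out.println("/../inc/name.inc      -> " + resolve(base, "/../inc/name.inc", true));
        System.out.println("/symlink/name.inc off -> " + resolve(base, "/symlink/name.inc", false));
        System.out.println("/symlink/name.inc on  -> " + resolve(base, "/symlink/name.inc", true));
    }
}
```

With the flag on, the returned file lies outside the context root, so containment then depends on who is able to create links inside the application directory.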

