You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by iv...@apache.org on 2013/03/14 00:23:59 UTC
git commit: WICKET-5098 PackageResourceBlockedException under Windows for *.js files in web app's own packages, not in jars

Updated Branches:
  refs/heads/master 6b8ab22ea -> 435de422e


WICKET-5098 PackageResourceBlockedException under Windows for *.js files in web app's own packages, not in jars


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/435de422
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/435de422
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/435de422

Branch: refs/heads/master
Commit: 435de422ea5e013799709e39594e502c2913d753
Parents: 6b8ab22
Author: Igor Vaynberg <ig...@gmail.com>
Authored: Wed Mar 13 16:23:54 2013 -0700
Committer: Igor Vaynberg <ig...@gmail.com>
Committed: Wed Mar 13 16:23:54 2013 -0700

----------------------------------------------------------------------
 .../wicket/markup/html/PackageResourceGuard.java   |   21 +++++++++--
 .../markup/html/PackageResourceGuardTest.java      |   28 +++++++++++++++
 2 files changed, 45 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/435de422/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java b/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
index 94156f3..4fd6450 100644
--- a/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
+++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
@@ -16,6 +16,7 @@
  */
 package org.apache.wicket.markup.html;
 
+import java.io.File;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -83,7 +84,8 @@ public class PackageResourceGuard implements IPackageResourceGuard
 		int ixExtension = path.lastIndexOf('.');
 		int len = path.length();
 		final String ext;
-		if (ixExtension <= 0 || ixExtension == len || (path.lastIndexOf('/') + 1) == ixExtension)
+		if (ixExtension <= 0 || ixExtension == len ||
+			(path.lastIndexOf(File.separator) + 1) == ixExtension)
 		{
 			ext = null;
 		}
@@ -107,7 +109,7 @@ public class PackageResourceGuard implements IPackageResourceGuard
 			return false;
 		}
 
-		String filename = Strings.lastPathComponent(path, '/');
+		String filename = Strings.lastPathComponent(path, File.separatorChar);
 		if (acceptFile(filename) == false)
 		{
 			log.warn("Access denied to shared (static) resource because of the file name: " + path);
@@ -128,11 +130,22 @@ public class PackageResourceGuard implements IPackageResourceGuard
 		if (!allowAccessToRootResources)
 		{
 			String absolute = path;
-			if (absolute.startsWith("/"))
+			if ("\\".equals(File.separator))
+			{
+				// handle a windows path which may have a drive letter in it
+
+				if (absolute.indexOf(":\\") > 0)
+				{
+					// strip the drive letter off the path
+					absolute = absolute.substring(absolute.indexOf(":\\") + 2);
+				}
+			}
+
+			if (absolute.startsWith(File.separator))
 			{
 				absolute = absolute.substring(1);
 			}
-			if (!absolute.contains("/"))
+			if (!absolute.contains(File.separator))
 			{
 				log.warn("Access to root directory is by default disabled for shared resources: " +
 					path);

http://git-wip-us.apache.org/repos/asf/wicket/blob/435de422/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
----------------------------------------------------------------------
diff --git a/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java b/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
index 0620a62..2e6a792 100644
--- a/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
+++ b/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
@@ -16,6 +16,8 @@
  */
 package org.apache.wicket.markup.html;
 
+import java.io.File;
+
 import org.apache.wicket.WicketTestCase;
 import org.junit.Test;
 
@@ -37,5 +39,31 @@ public class PackageResourceGuardTest extends WicketTestCase
 
 		guard.setAllowAccessToRootResources(true);
 		assertTrue(guard.accept(Integer.TYPE, "test.gif"));
+
+
 	}
+
+	/**
+	 * Test whether Windows absolute paths are handled properly on the current system (properly
+	 * works on Windows and properly blocks on any other OS).
+	 */
+	@Test
+	public void acceptAbsolutePath()
+	{
+		PackageResourceGuard guard = new PackageResourceGuard();
+		guard.setAllowAccessToRootResources(false);
+
+		assertTrue(guard.acceptAbsolutePath("/test/test.js"));
+		assertFalse(guard.acceptAbsolutePath("/test.js"));
+
+		if ("\\".equals(File.pathSeparator))
+		{
+			assertTrue(guard.acceptAbsolutePath("c:\\test\\org\\apache\\test.js"));
+			assertTrue(guard.acceptAbsolutePath("\\test\\org\\apache\\test.js"));
+			assertFalse(guard.acceptAbsolutePath("c:\\test.js"));
+			assertFalse(guard.acceptAbsolutePath("\\test.js"));
+		}
+
+	}
+
 }