Posted to commits@struts.apache.org by mu...@apache.org on 2007/05/17 23:26:58 UTC
svn commit: r539122 -
/struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java
Author: musachy
Date: Thu May 17 14:26:57 2007
New Revision: 539122
URL: http://svn.apache.org/viewvc?view=rev&rev=539122
Log:
WW-1769 Security hole in config parameter of the viewSource action in struts2-showcase example app
* This is not really a problem, but for the sake of PlanetStruts
Modified:
struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java
Modified: struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java?view=diff&rev=539122&r1=539121&r2=539122
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java (original)
+++ struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java Thu May 17 14:26:57 2007
@@ -30,7 +30,9 @@
import java.util.List;
import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.struts2.ServletActionContext;
import org.apache.struts2.util.ServletContextAware;
import com.opensymphony.xwork2.ActionSupport;
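Review bot: `import javax.servlet.http.HttpServletRequest;` is added here, but nothing in the visible change refers to that type; the second hunk uses only `ServletActionContext`. If the rest of the file (outside this view) does not use it either, the import should be dropped rather than left as an unused leftover. The surrounding import block may extend beyond this hunk.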
@@ -81,7 +83,9 @@
classLines = read(in, -1);
}
- if (config != null && config.trim().length() > 0) {
+ String rootPath = ServletActionContext.getServletContext().getRealPath("/");
+
+ if (config != null && config.trim().length() > 0 && (rootPath == null || config.startsWith(rootPath))) {
int pos = config.lastIndexOf(':');
configLine = Integer.parseInt(config.substring(pos+1));
config = config.substring(0, pos).replace("//", "/");
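Review bot: The new guard on the `if` line still allows a request to read files outside the web root, because `rootPath == null` makes the whole condition pass for any `config`, and a plain `startsWith` accepts a path that begins with the root text and then climbs out with `..` segments or through a symlink. A null real path (a container that cannot map `"/"` to a directory) should refuse the request rather than skip the check, and the comparison should be made on canonical paths after the `:` suffix is stripped and the `//` normalisation has run, since the check is currently applied to the raw string before those edits. `getCanonicalPath()` throws `IOException` and needs `java.io.File`, so the enclosing method's signature and import block, both outside this hunk, may need adjusting; the remainder of the body after the `replace` line is also outside the hunk.
```java
String rootPath = ServletActionContext.getServletContext().getRealPath("/");

// No real path means the container cannot map "/" to a directory: refuse instead of bypassing the check.
if (config != null && config.trim().length() > 0 && rootPath != null) {
    int pos = config.lastIndexOf(':');
    configLine = Integer.parseInt(config.substring(pos+1));
    config = config.substring(0, pos).replace("//", "/");

    // Compare canonical forms so ".." segments and symlinks cannot escape the web root.
    String canonicalRoot = new File(rootPath).getCanonicalPath() + File.separator;
    String canonicalConfig = new File(config).getCanonicalPath();
    if (!canonicalConfig.startsWith(canonicalRoot)) {
        // … treat as a rejected request; the existing handling after this point is outside the hunk …
    }
    // … unchanged: read the config file …
}
```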