You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2001/06/14 17:23:48 UTC

cvs commit: jakarta-tomcat/src/examples/WEB-INF/classes/examples ShowSource.java

marcsaeg    01/06/14 08:23:47

  Modified:    src/examples/WEB-INF/classes/examples Tag: tomcat_32
                        ShowSource.java
  Log:
  The code that attempted to prevent exposing the contents of files in the WEB-INF and META-INF directories was broken and actually prevented source files from being displayed.
  
  PR:  372
  Submitted by: Tony Robertson (tony_robertson@yahoo.com)
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.4.4.2   +2 -2      jakarta-tomcat/src/examples/WEB-INF/classes/examples/ShowSource.java
  
  Index: ShowSource.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/examples/WEB-INF/classes/examples/ShowSource.java,v
  retrieving revision 1.4.4.1
  retrieving revision 1.4.4.2
  diff -u -r1.4.4.1 -r1.4.4.2
  --- ShowSource.java	2000/12/10 03:07:51	1.4.4.1
  +++ ShowSource.java	2001/06/14 15:23:46	1.4.4.2
  @@ -21,8 +21,8 @@
   
       public int doEndTag() throws JspException {
   	if ((jspFile.indexOf( ".." ) >= 0) ||
  -            (jspFile.toUpperCase().indexOf("/WEB-INF/") != 0) ||
  -            (jspFile.toUpperCase().indexOf("/META-INF/") != 0))
  +            (jspFile.toUpperCase().indexOf("/WEB-INF/") >= 0) ||
  +            (jspFile.toUpperCase().indexOf("/META-INF/") >= 0))
   	    throw new JspTagException("Invalid JSP file " + jspFile);
   
           InputStream in