You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by re...@apache.org on 2002/02/27 20:06:35 UTC

cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources FileDirContext.java

remm        02/02/27 11:06:35

  Modified:    catalina/src/share/org/apache/naming/resources
                        FileDirContext.java
  Log:
  - Add protection against going above the base path.
  
  Revision  Changes    Path
  1.11      +11 -6     jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java
  
  Index: FileDirContext.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- FileDirContext.java	27 Feb 2002 01:17:00 -0000	1.10
  +++ FileDirContext.java	27 Feb 2002 19:06:35 -0000	1.11
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v 1.10 2002/02/27 01:17:00 craigmcc Exp $
  - * $Revision: 1.10 $
  - * $Date: 2002/02/27 01:17:00 $
  + * $Header: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/naming/resources/FileDirContext.java,v 1.11 2002/02/27 19:06:35 remm Exp $
  + * $Revision: 1.11 $
  + * $Date: 2002/02/27 19:06:35 $
    *
    * ====================================================================
    *
  @@ -99,7 +99,7 @@
    * Filesystem Directory Context implementation helper class.
    *
    * @author Remy Maucherat
  - * @version $Revision: 1.10 $ $Date: 2002/02/27 01:17:00 $
  + * @version $Revision: 1.11 $ $Date: 2002/02/27 19:06:35 $
    */
   
   public class FileDirContext extends BaseDirContext {
  @@ -853,8 +853,13 @@
        * @param name Normalized context-relative path (with leading '/')
        */
       protected File file(String name) {
  -	if( File.separatorChar == '\\' )
  -            name = name.replace('/',File.separatorChar);
  +
  +        name = normalize(name);
  +        if (name == null)
  +            return (null);
  +
  +	if (File.separatorChar == '\\')
  +            name = name.replace('/', File.separatorChar);
   
           File file = new File(base, name);
           if (file.exists() && file.canRead()) {
  
  
  

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>