> It might be a concern to others, but doing it in the resolver 
> would probably break just about everything in C2: the 
> resolver is used by the sitemap to get relative URLs for 
> every pipeline, matcher etc. And viewing the source using the 
> samples might use relative paths.
> 
> I suggest that you subclass the default reader (which is what
> you're using, I believe) and remove all string occurrences of
> '../' or '/..' or somesuch before resolving. Then let the rest
> of the reader's code execute, thereby returning 'invalid
> resource' errors when appropriate.
> 
> Note: You might want to remove the 'download' prefix on the 
> <map:read> in your sitemap and see if all of a sudden 
> absolute URLs work too. Ouch if they do.

It seems that absolute URLs are not a problem. The following examples
give me an error page:

URI:

<cocoon base URI>/../filename.jpg
<cocoon base URI>/download/../../filename.jpg
<cocoon base URI>/images/../../filename.jpg

error page:

HTTP Status 404 - /filename.jpg

--------------------------------------------------------------------------------

type Status report

message /filename.jpg

description The requested resource (/filename.jpg) is not available.


--------------------------------------------------------------------------------

Apache Tomcat/4.1.3


Working URI:

<cocoon base URI>/download/../filename.jpg

Matthew

> 
> Per
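
An added example, not part of the original thread and not Cocoon's own code: one way to get the 'invalid resource' behaviour discussed above is to resolve the requested path first and then check that the result is still inside the reader's base directory, rather than editing the string. The class name, method name, base directory and sample paths are hypothetical, and the input is assumed to be already URL-decoded by the servlet container.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class ContainedResolver {

    /**
     * Resolve a request-supplied relative path under baseDir.
     * Throws if the normalized result is not inside baseDir.
     */
    static Path resolveInside(Path baseDir, String requested) {
        Path base = baseDir.toAbsolutePath().normalize();
        // resolve() returns 'requested' unchanged if it is absolute,
        // so absolute inputs are caught by the containment test too.
        Path candidate = base.resolve(requested).normalize();
        // startsWith() compares whole path elements, so a sibling
        // directory sharing a name prefix does not pass.
        if (!candidate.startsWith(base)) {
            throw new IllegalArgumentException("invalid resource: " + requested);
        }
        // normalize() is purely lexical; if symbolic links under baseDir
        // are a concern, compare toRealPath() results on existing files.
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed base directory and sample inputs.
        Path base = Paths.get("/srv/webapp/downloads");
        String[] samples = {
            "filename.jpg",
            "sub/../filename.jpg",     // stays inside the base
            "../filename.jpg",         // leaves the base
            "sub/../../filename.jpg",  // leaves the base
            "/etc/hostname"            // absolute path
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolveInside(base, s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected");
            }
        }
    }
}
```

The check runs on the path the reader will actually open, so it does not depend on which textual form of `..` reached it.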
