This is an automated email from the ASF dual-hosted git repository.
olamy pushed a commit to branch archiva-2.x
in repository https://gitbox.apache.org/repos/asf/archiva.git
The following commit(s) were added to refs/heads/archiva-2.x by this push:
new 930460424 validate path
930460424 is described below
commit 930460424c715f52a7cb5eef5b084a7a8ef31fb5
Author: Olivier Lamy <[email protected]>
AuthorDate: Mon Sep 5 13:38:49 2022 +1000
validate path
Signed-off-by: Olivier Lamy <[email protected]>
---
archiva-modules/archiva-web/archiva-webapp/pom.xml | 113 ---------------------
.../maven2/ManagedDefaultRepositoryContent.java | 7 ++
2 files changed, 7 insertions(+), 113 deletions(-)
diff --git a/archiva-modules/archiva-web/archiva-webapp/pom.xml
b/archiva-modules/archiva-web/archiva-webapp/pom.xml
index 6e0c55e90..a6152f641 100644
--- a/archiva-modules/archiva-web/archiva-webapp/pom.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/pom.xml
@@ -591,46 +591,6 @@
</exclusion>
</exclusions>
</dependency>
-
-
- <!-- sirona -->
- <!--
- FIXME for some reasons doesn't work with the jetty app see MRM-1792
- <dependency>
- <groupId>org.apache.sirona</groupId>
- <artifactId>sirona-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sirona</groupId>
- <artifactId>sirona-jdbc</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sirona</groupId>
- <artifactId>sirona-web</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sirona</groupId>
- <artifactId>sirona-spring</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.sirona</groupId>
- <artifactId>sirona-reporting</artifactId>
- <classifier>classes</classifier>
- </dependency>
- -->
- <!--
- <dependency>
- <groupId>org.apache.sirona</groupId>
- <artifactId>sirona-ehcache-agent</artifactId>
- </dependency>
-
-
- <dependency>
- <groupId>org.apache.sirona</groupId>
- <artifactId>sirona-cassandra</artifactId>
- </dependency>
- -->
-
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib</artifactId>
@@ -865,79 +825,6 @@
<plugins>
- <!-- commented as not needed now
- <plugin>
- <groupId>com.samaxes.maven</groupId>
- <artifactId>maven-minify-plugin</artifactId>
- <version>1.3.5</version>
- <executions>
- <execution>
- <id>startup-minify</id>
- <phase>generate-resources</phase>
- <configuration>
- <webappSourceDir>${basedir}/src/main/webapp</webappSourceDir>
- <cssSourceDir>css</cssSourceDir>
- <cssSourceFiles>
- <cssSourceFile>jquery-ui-1.8.16.custom.css</cssSourceFile>
- <cssSourceFile>jquery.ui.1.8.16.ie.css</cssSourceFile>
- <cssSourceFile>bootstrap.2.0.2.css</cssSourceFile>
- <cssSourceFile>archiva.css</cssSourceFile>
- </cssSourceFiles>
-
<cssFinalFile>apache-archiva-${project.version}.css</cssFinalFile>
- <jsSourceDir>js</jsSourceDir>
- <jsSourceFiles>
- <jsSourceFile>jquery-1.7.2.js</jsSourceFile>
- <jsSourceFile>lab.js</jsSourceFile>
- <jsSourceFile>require.1.0.1.js</jsSourceFile>
- </jsSourceFiles>
-
<jsFinalFile>apache-archiva-startup-${project.version}.js</jsFinalFile>
- </configuration>
- <goals>
- <goal>minify</goal>
- </goals>
- </execution>
- <execution>
- <id>main-minify</id>
- <phase>generate-resources</phase>
- <configuration>
- <webappSourceDir>${basedir}/src/main/webapp</webappSourceDir>
- <jsSourceDir>js</jsSourceDir>
- <jsSourceFiles>
- <jsSourceFile>jquery.tmpl.js</jsSourceFile>
- <jsSourceFile>archiva/utils.js</jsSourceFile>
- <jsSourceFile>jquery.i18n.properties-1.0.9.js</jsSourceFile>
- <jsSourceFile>archiva/i18nload.js</jsSourceFile>
- <jsSourceFile>jquery.cookie.1.0.0.js</jsSourceFile>
- <jsSourceFile>knockout-debug.js</jsSourceFile>
- <jsSourceFile>jquery-ui-1.8.16.custom.min.js</jsSourceFile>
- <jsSourceFile>jquery.validate.js</jsSourceFile>
- <jsSourceFile>jquery.json-2.3.min.js</jsSourceFile>
- <jsSourceFile>archiva/main-tmpl.js</jsSourceFile>
- <jsSourceFile>archiva/repositories.js</jsSourceFile>
- <jsSourceFile>archiva/network-proxies.js</jsSourceFile>
- <jsSourceFile>archiva/proxy-connectors.js</jsSourceFile>
- <jsSourceFile>redback/operation.js</jsSourceFile>
- <jsSourceFile>redback/redback-tmpl.js</jsSourceFile>
- <jsSourceFile>bootstrap.2.0.2.js</jsSourceFile>
- <jsSourceFile>knockout.simpleGrid.js</jsSourceFile>
- <jsSourceFile>redback/user.js</jsSourceFile>
- <jsSourceFile>redback/users.js</jsSourceFile>
- <jsSourceFile>redback/redback.js</jsSourceFile>
- <jsSourceFile>redback/register.js</jsSourceFile>
- <jsSourceFile>redback/permission.js</jsSourceFile>
- <jsSourceFile>redback/resource.js</jsSourceFile>
- <jsSourceFile>redback/roles.js</jsSourceFile>
- <jsSourceFile>archiva/main.js</jsSourceFile>
- </jsSourceFiles>
-
<jsFinalFile>apache-archiva-main-${project.version}.js</jsFinalFile>
- </configuration>
- <goals>
- <goal>minify</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- -->
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
diff --git
a/archiva-modules/plugins/maven2-repository/src/main/java/org/apache/archiva/repository/content/maven2/ManagedDefaultRepositoryContent.java
b/archiva-modules/plugins/maven2-repository/src/main/java/org/apache/archiva/repository/content/maven2/ManagedDefaultRepositoryContent.java
index aa4ca8a5a..3304d4868 100644
---
a/archiva-modules/plugins/maven2-repository/src/main/java/org/apache/archiva/repository/content/maven2/ManagedDefaultRepositoryContent.java
+++
b/archiva-modules/plugins/maven2-repository/src/main/java/org/apache/archiva/repository/content/maven2/ManagedDefaultRepositoryContent.java
@@ -91,6 +91,13 @@ public class ManagedDefaultRepositoryContent
{
throw new ContentNotFoundException( "cannot found project " +
namespace + ":" + projectId );
}
+ try {
+ if
(!directory.getCanonicalPath().equals(directory.getAbsolutePath())) {
+ throw new ContentNotFoundException( "Invalid directory for
project " + namespace + ":" + projectId );
+ }
+ } catch (IOException e) {
+ throw new RepositoryException(e.getMessage(), e);
+ }
if ( directory.isDirectory() )
{
try
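Review bot: The added guard `!directory.getCanonicalPath().equals(directory.getAbsolutePath())` tests for "no symlink or `..` anywhere in the path" rather than "stays inside the repository", so a repository whose base directory sits behind a symlink, or a path on a case-insensitive filesystem, would now fail with "Invalid directory" although nothing escapes the root. A containment test states the intent directly, e.g. `if ( !directory.getCanonicalFile().toPath().startsWith( repoRoot.getCanonicalFile().toPath() ) )`, where `repoRoot` is a placeholder for whatever base directory this class resolves `directory` from (not visible in the hunk). The guard also runs after the preceding "cannot found project" throw; assuming that throw is an existence check, the two different messages let a caller tell whether a path outside the repository exists, so the validation should run first and reuse the not-found message. The enclosing method starts and ends outside the hunk, and other methods of this class that build paths from namespace, projectId or version are not visible here and may need the same check.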