svn commit: r935564 - /tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java

[hlship]

Author: hlship
Date: Mon Apr 19 13:46:40 2010
New Revision: 935564

URL: http://svn.apache.org/viewvc?rev=935564&view=rev
Log:
Ensure that the ContextAssetRequestHandler will forbid access to .tml files as 
well.

Modified:
    
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java

Modified: 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
URL: 
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java?rev=935564&r1=935563&r2=935564&view=diff
==============================================================================
--- 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
 (original)
+++ 
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
 Mon Apr 19 13:46:40 2010
@@ -35,7 +35,7 @@ public class ContextAssetRequestHandler 
 
     private final Resource rootContextResource;
 
-    private final Pattern illegal = Pattern.compile("^(web|meta)-inf/.*", 
Pattern.CASE_INSENSITIVE);
+    private final Pattern illegal = 
Pattern.compile("^(((web|meta)-inf.*)|(.*\\.tml$))", Pattern.CASE_INSENSITIVE);
 
     public ContextAssetRequestHandler(ResourceStreamer resourceStreamer, 
Resource rootContextResource)
     {