Author: hlship
Date: Mon Apr 19 13:46:40 2010
New Revision: 935564
URL: http://svn.apache.org/viewvc?rev=935564&view=rev
Log:
Ensure that the ContextAssetRequestHandler will forbid access to .tml files as
well.
Modified:
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
Modified:
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
URL:
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java?rev=935564&r1=935563&r2=935564&view=diff
==============================================================================
---
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
(original)
+++
tapestry/tapestry5/trunk/tapestry-core/src/main/java/org/apache/tapestry5/internal/services/assets/ContextAssetRequestHandler.java
Mon Apr 19 13:46:40 2010
@@ -35,7 +35,7 @@ public class ContextAssetRequestHandler
private final Resource rootContextResource;
- private final Pattern illegal = Pattern.compile("^(web|meta)-inf/.*",
Pattern.CASE_INSENSITIVE);
+ private final Pattern illegal =
Pattern.compile("^(((web|meta)-inf.*)|(.*\\.tml$))", Pattern.CASE_INSENSITIVE);
public ContextAssetRequestHandler(ResourceStreamer resourceStreamer,
Resource rootContextResource)
{