Updated Branches: refs/heads/wicket-1.5.x 2375c9e07 -> e946b32cd
WICKET-4427 possible to bypass PackageResourceGuard Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/e946b32c Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/e946b32c Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/e946b32c Branch: refs/heads/wicket-1.5.x Commit: e946b32cd79fcb943369f15bf0ebf69a8a35d065 Parents: 2375c9e Author: martin-g <[email protected]> Authored: Fri Feb 24 15:09:45 2012 +0100 Committer: martin-g <[email protected]> Committed: Fri Feb 24 15:11:26 2012 +0100 ---------------------------------------------------------------------- .../wicket/markup/html/PackageResourceGuard.java | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/e946b32c/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java ---------------------------------------------------------------------- diff --git a/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java b/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java index 8f07086..5204496 100644 --- a/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java +++ b/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java @@ -90,7 +90,7 @@ public class PackageResourceGuard implements IPackageResourceGuard } else { - ext = path.substring(ixExtension + 1).toLowerCase(); + ext = path.substring(ixExtension + 1).toLowerCase().trim(); } if ("html".equals(ext) && @@ -166,6 +166,10 @@ public class PackageResourceGuard implements IPackageResourceGuard */ protected boolean acceptFile(String file) { + if (file != null) + { + file = file.trim(); + } return (!blockedFiles.contains(file)); }
