git commit: WICKET-5098 PackageResourceBlockedException under Windows for *.js files in web app's own packages, not in jars

Wed, 13 Mar 2013 16:24:00 -0700 

Updated Branches:
  refs/heads/master 6b8ab22ea -> 435de422e


WICKET-5098 PackageResourceBlockedException under Windows for *.js files in web 
app's own packages, not in jars


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/435de422
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/435de422
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/435de422

Branch: refs/heads/master
Commit: 435de422ea5e013799709e39594e502c2913d753
Parents: 6b8ab22
Author: Igor Vaynberg <[email protected]>
Authored: Wed Mar 13 16:23:54 2013 -0700
Committer: Igor Vaynberg <[email protected]>
Committed: Wed Mar 13 16:23:54 2013 -0700

----------------------------------------------------------------------
 .../wicket/markup/html/PackageResourceGuard.java   |   21 +++++++++--
 .../markup/html/PackageResourceGuardTest.java      |   28 +++++++++++++++
 2 files changed, 45 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/435de422/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
----------------------------------------------------------------------
diff --git 
a/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
 
b/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
index 94156f3..4fd6450 100644
--- 
a/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
+++ 
b/wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java
@@ -16,6 +16,7 @@
  */
 package org.apache.wicket.markup.html;
 
+import java.io.File;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -83,7 +84,8 @@ public class PackageResourceGuard implements 
IPackageResourceGuard
                int ixExtension = path.lastIndexOf('.');
                int len = path.length();
                final String ext;
-               if (ixExtension <= 0 || ixExtension == len || 
(path.lastIndexOf('/') + 1) == ixExtension)
+               if (ixExtension <= 0 || ixExtension == len ||
+                       (path.lastIndexOf(File.separator) + 1) == ixExtension)
                {
                        ext = null;
                }
@@ -107,7 +109,7 @@ public class PackageResourceGuard implements 
IPackageResourceGuard
                        return false;
                }
 
-               String filename = Strings.lastPathComponent(path, '/');
+               String filename = Strings.lastPathComponent(path, 
File.separatorChar);
                if (acceptFile(filename) == false)
                {
                        log.warn("Access denied to shared (static) resource 
because of the file name: " + path);
@@ -128,11 +130,22 @@ public class PackageResourceGuard implements 
IPackageResourceGuard
                if (!allowAccessToRootResources)
                {
                        String absolute = path;
-                       if (absolute.startsWith("/"))
+                       if ("\\".equals(File.separator))
+                       {
+                               // handle a windows path which may have a drive 
letter in it
+
+                               if (absolute.indexOf(":\\") > 0)
+                               {
+                                       // strip the drive letter off the path
+                                       absolute = 
absolute.substring(absolute.indexOf(":\\") + 2);
+                               }
+                       }
+
+                       if (absolute.startsWith(File.separator))
                        {
                                absolute = absolute.substring(1);
                        }
-                       if (!absolute.contains("/"))
+                       if (!absolute.contains(File.separator))
                        {
                                log.warn("Access to root directory is by 
default disabled for shared resources: " +
                                        path);

http://git-wip-us.apache.org/repos/asf/wicket/blob/435de422/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
----------------------------------------------------------------------
diff --git 
a/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
 
b/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
index 0620a62..2e6a792 100644
--- 
a/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
+++ 
b/wicket-core/src/test/java/org/apache/wicket/markup/html/PackageResourceGuardTest.java
@@ -16,6 +16,8 @@
  */
 package org.apache.wicket.markup.html;
 
+import java.io.File;
+
 import org.apache.wicket.WicketTestCase;
 import org.junit.Test;
 
@@ -37,5 +39,31 @@ public class PackageResourceGuardTest extends WicketTestCase
 
                guard.setAllowAccessToRootResources(true);
                assertTrue(guard.accept(Integer.TYPE, "test.gif"));
+
+
        }
+
+       /**
+        * Test whether Windows absolute paths are handled properly on the 
current system (properly
+        * works on Windows and properly blocks on any other OS).
+        */
+       @Test
+       public void acceptAbsolutePath()
+       {
+               PackageResourceGuard guard = new PackageResourceGuard();
+               guard.setAllowAccessToRootResources(false);
+
+               assertTrue(guard.acceptAbsolutePath("/test/test.js"));
+               assertFalse(guard.acceptAbsolutePath("/test.js"));
+
+               if ("\\".equals(File.pathSeparator))
+               {
+                       
assertTrue(guard.acceptAbsolutePath("c:\\test\\org\\apache\\test.js"));
+                       
assertTrue(guard.acceptAbsolutePath("\\test\\org\\apache\\test.js"));
+                       assertFalse(guard.acceptAbsolutePath("c:\\test.js"));
+                       assertFalse(guard.acceptAbsolutePath("\\test.js"));
+               }
+
+       }
+
 }

Reply via email to