https://issues.apache.org/bugzilla/show_bug.cgi?id=56070
Bug ID: 56070
Summary: the resource url is wrong!
Product: Tomcat 8
Version: trunk
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
previously,my servlet:
(WebappClassLoader)getClass().getClassLoader().getResource("/../tmplog/logs")
return url:
/myweb/../tmplog/logs
and my security validation code:
-------------
if (url.indexOf("/../")>-1)
return false;
-------------will false!!!!
but now:
it's will be:
/tmplog/logs
if (url.indexOf("/../")>-1)
return false;
---------------will true!!!!!
so,the resourse url is "/myweb/../tmplog/logs", not "/tmplog/logs".
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
