> On June 23, 2016, 6:09 p.m., Adam B wrote: > > src/files/files.cpp, lines 321-323 > > <https://reviews.apache.org/r/49131/diff/1-2/?file=1428282#file1428282line321> > > > > You don't even need the if clause anymore, since strings::remove() is a > > noop when "/" isn't the suffix.
Ah, thanks! - Greg ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/49131/#review139282 ----------------------------------------------------------- On June 23, 2016, 6:55 p.m., Greg Mann wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/49131/ > ----------------------------------------------------------- > > (Updated June 23, 2016, 6:55 p.m.) > > > Review request for mesos, Adam B and Vinod Kone. > > > Bugs: MESOS-5685 > https://issues.apache.org/jira/browse/MESOS-5685 > > > Repository: mesos > > > Description > ------- > > The `FilesProcess` stores an authorization callback > for every virtual path. If no callback is found when > authorizing a request, then it is assumed that path > is not authorizable, so the request is approved. > This led to a bug in which the callbacks for paths > with trailing slashes were not correctly identified, > leading to requests being incorrectly authorized. > > This patch modifies the '/files/read' and > '/files/download' endpoints to refuse requests for > paths which contain trailing slashes, since these > endpoints don't accept paths of directories. > > > Diffs > ----- > > src/files/files.cpp 20bc6fa0c22ab017c4e23a745c313a3caf0aec36 > src/tests/files_tests.cpp b8f4f3c25cdde2322f16b4699b3362db29aee989 > > Diff: https://reviews.apache.org/r/49131/diff/ > > > Testing > ------- > > `make check` on OSX > > Additional checks were added to the FilesTests to ensure that trailing > slashes are handled properly - i.e., either invalidated when appropriate, or > accepted and then authorized correctly otherwise. > > > Thanks, > > Greg Mann > >
