Author: markt Date: Mon Mar 17 22:28:42 2014 New Revision: 1578637 URL: http://svn.apache.org/r1578637 Log: Redefine globalXsltFile as relative to CATALINA_BASE/conf or CATALINA_HOME/conf
Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/conf/web.xml tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java tomcat/tc7.0.x/trunk/webapps/docs/default-servlet.xml Propchange: tomcat/tc7.0.x/trunk/ ------------------------------------------------------------------------------ Merged /tomcat/trunk:r1578610 Modified: tomcat/tc7.0.x/trunk/conf/web.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/conf/web.xml?rev=1578637&r1=1578636&r2=1578637&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/conf/web.xml (original) +++ tomcat/tc7.0.x/trunk/conf/web.xml Mon Mar 17 22:28:42 2014 @@ -88,10 +88,10 @@ <!-- globalXsltFile[null] --> <!-- --> <!-- globalXsltFile Site wide configuration version of --> - <!-- localXsltFile This argument is expected --> - <!-- to be a physical file. [null] --> - <!-- --> - <!-- --> + <!-- localXsltFile. This argument must be a --> + <!-- relative path that points to a location below --> + <!-- either $CATALINA_BASE/conf (checked first) --> + <!-- or $CATALINA_BASE/conf (checked second).[null] --> <servlet> <servlet-name>default</servlet-name> Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1578637&r1=1578636&r2=1578637&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Mon Mar 17 22:28:42 2014 @@ -14,8 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - - package org.apache.catalina.servlets; 
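Review bot: The rewritten web.xml comment names `$CATALINA_BASE/conf` for both lookup locations, so the "checked second" entry is wrong. The commit log and the new validateGlobalXsltFile() in DefaultServlet.java both fall back to CATALINA_HOME, so the last comment line should read `<!-- or $CATALINA_HOME/conf (checked second).[null] -->`. The comment also omits that the servlet now rejects any file name not ending in `.xslt` or `.xlt`. An operator whose stylesheet is named `.xsl` would have it ignored with no hint here, so that restriction is worth stating in the same comment.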
@@ -36,6 +34,7 @@ import java.io.StringReader; import java.io.StringWriter; import java.util.ArrayList; import java.util.Iterator; +import java.util.Locale; import java.util.StringTokenizer; import javax.naming.InitialContext; @@ -1606,20 +1605,24 @@ public class DefaultServlet /* Open and read in file in one fell swoop to reduce chance * chance of leaving handle open. */ - if (globalXsltFile!=null) { - FileInputStream fis = null; - - try { - File f = new File(globalXsltFile); - if (f.exists()){ - fis =new FileInputStream(f); + if (globalXsltFile != null) { + File f = validateGlobalXsltFile(); + if (f != null && f.exists()){ + FileInputStream fis = null; + try { + fis = new FileInputStream(f); byte b[] = new byte[(int)f.length()]; /* danger! */ fis.read(b); return new ByteArrayInputStream(b); + } finally { + if (fis != null) { + try { + fis.close(); + } catch (IOException ioe) { + // Ignore + } + } } - } finally { - if (fis!=null) - fis.close(); } } 
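Review bot: In the `@@ -1606,20 +1605,24 @@` hunk, a null result from `validateGlobalXsltFile()` is dropped silently: `if (f != null && f.exists())` simply falls through to whatever follows outside the hunk. Because this commit changes the parameter from an absolute to a relative path, a deployment upgraded with the old absolute value will lose its stylesheet with nothing in the logs to explain why. An `else` branch that records the rejection would make the misconfiguration visible, for example `log("globalXsltFile [" + globalXsltFile + "] ignored: not below CATALINA_BASE/conf or CATALINA_HOME/conf, or not .xslt/.xlt");`. The enclosing method starts and ends outside this hunk, so the exact placement needs checking against the full body.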
@@ -1628,6 +1631,50 @@ public class DefaultServlet } + private File validateGlobalXsltFile() { + + File result = null; + String base = System.getProperty(Globals.CATALINA_BASE_PROP); + + if (base != null) { + File baseConf = new File(base, "conf"); + result = validateGlobalXsltFile(baseConf); + } + + if (result == null) { + String home = System.getProperty(Globals.CATALINA_HOME_PROP); + if (home != null) { + File homeConf = new File(home, "conf"); + result = validateGlobalXsltFile(homeConf); + } + } + + return result; + } + + + private File validateGlobalXsltFile(File base) { + File candidate = new File(base, globalXsltFile); + + // First check that the resulting path is under the provided base + try { + if (!candidate.getCanonicalPath().startsWith(base.getCanonicalPath())) { + return null; + } + } catch (IOException ioe) { + return null; + } + + // Next check that an .xlt or .xslt file has been specified + String nameLower = candidate.getName().toLowerCase(Locale.ENGLISH); + if (!nameLower.endsWith(".xslt") && !nameLower.endsWith(".xlt")) { + return null; + } + + return candidate; + } + + // -------------------------------------------------------- protected Methods Modified: tomcat/tc7.0.x/trunk/webapps/docs/default-servlet.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/default-servlet.xml?rev=1578637&r1=1578636&r2=1578637&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/default-servlet.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/default-servlet.xml Mon Mar 17 22:28:42 2014 
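Review bot: The containment check in `validateGlobalXsltFile(File base)` compares canonical paths with a plain string `startsWith`, which has no directory boundary. A value such as `../conf-old/x.xslt` canonicalises to a sibling directory whose name merely begins with `conf` and still passes. Append the separator before comparing: `String canonicalBase = base.getCanonicalPath() + File.separator;` followed by `if (!candidate.getCanonicalPath().startsWith(canonicalBase)) {`. The method also returns the non-canonical `candidate`, so the path later opened is not literally the one that was checked. Returning `candidate.getCanonicalFile()` from inside the `try` would close that gap.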
@@ -110,11 +110,12 @@ The DefaultServlet allows the following <th valign='top'>globalXsltFile</th> <td valign='top'> If you wish to customize your directory listing, you - can use an XSL transformation. This value is an absolute - file name which be used for all directory listings. - This can be overridden per context and/or per directory. See - <strong>contextXsltFile</strong> and <strong>localXsltFile</strong> - below. The format of the xml is shown below. + can use an XSL transformation. This value is a relative file name (to + either $CATALINA_BASE/conf/ or $CATALINA_HOME/conf/) which will be used + for all directory listings. This can be overridden per context and/or + per directory. See <strong>contextXsltFile</strong> and + <strong>localXsltFile</strong> below. The format of the xml is shown + below. </td> </tr> <tr> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org