Re: Apache 7.0.81 - Can no longer use non-canonical paths in extraResourcePaths of VirtualDirContext
Thanks for the prompt reply!

On Fri, Sep 1, 2017 at 2:12 PM, Mark Thomas wrote:

> On 31/08/17 17:03, Constantin Erckenbrecht wrote:
> > Hi,
> >
> > A change in 7.0.81/7.0.80 changed the File resolution in VirtualDirContext.
> >
> > In 7.0.79 and before it was possible to use paths with /../ or any other
> > non-canonical path. This was particularly useful when using placeholders
> > that are being replaced at compile time like
> >
> > extraResourcePaths="/=${project.basedir}/../some/other/dir"
> >
> > The new calls to validate(File file, boolean mustExist, String
> > absoluteBase) prevent this, as inside the validate method the file name is
> > canonicalized and compared against the absoluteBase path, which is not being
> > canonicalized.
> >
> > Hence, when using a non-canonical path as an extraResourcePath the validate
> > function incorrectly assumes that the requested file is outside the
> > application root.
> >
> > Any chance that this can be fixed?
>
> Fixed in 7.0.x for 7.0.82 onwards.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

--
Constantin Erckenbrecht
Re: Apache 7.0.81 - Can no longer use non-canonical paths in extraResourcePaths of VirtualDirContext
On 31/08/17 17:03, Constantin Erckenbrecht wrote:
> Hi,
>
> A change in 7.0.81/7.0.80 changed the File resolution in VirtualDirContext.
>
> In 7.0.79 and before it was possible to use paths with /../ or any other
> non-canonical path. This was particularly useful when using placeholders
> that are being replaced at compile time like
>
> extraResourcePaths="/=${project.basedir}/../some/other/dir"
>
> The new calls to validate(File file, boolean mustExist, String
> absoluteBase) prevent this, as inside the validate method the file name is
> canonicalized and compared against the absoluteBase path, which is not being
> canonicalized.
>
> Hence, when using a non-canonical path as an extraResourcePath the validate
> function incorrectly assumes that the requested file is outside the
> application root.
>
> Any chance that this can be fixed?

Fixed in 7.0.x for 7.0.82 onwards.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Apache 7.0.81 - Can no longer use non-canonical paths in extraResourcePaths of VirtualDirContext
Hi,

A change in 7.0.81/7.0.80 changed the File resolution in VirtualDirContext.

In 7.0.79 and before it was possible to use paths with /../ or any other non-canonical path. This was particularly useful when using placeholders that are being replaced at compile time like

extraResourcePaths="/=${project.basedir}/../some/other/dir"

The new calls to validate(File file, boolean mustExist, String absoluteBase) prevent this, as inside the validate method the file name is canonicalized and compared against the absoluteBase path, which is not being canonicalized.

Hence, when using a non-canonical path as an extraResourcePath the validate function incorrectly assumes that the requested file is outside the application root.

Any chance that this can be fixed?

Thanks.
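
The mismatch described in this thread, as an added example that is not part of the original messages and is not Tomcat's code: a containment check that canonicalizes the requested file but not the configured base rejects legitimate files, while canonicalizing both sides and comparing on a separator boundary accepts them and still rejects a sibling directory. The class name, method names and the temporary directory layout are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

// Added illustration, not Tomcat source. All names here are hypothetical.
public class CanonicalBaseCheck {

    // Mismatched check: candidate is canonicalized, base is used as configured.
    static boolean insideRawBase(File file, String configuredBase) throws IOException {
        return file.getCanonicalPath().startsWith(configuredBase);
    }

    // Consistent check: both sides canonicalized, compared on a separator
    // boundary so that "dir-private" is not treated as being inside "dir".
    static boolean insideCanonicalBase(File file, String configuredBase) throws IOException {
        String base = new File(configuredBase).getCanonicalPath();
        String path = file.getCanonicalPath();
        return path.equals(base) || path.startsWith(base + File.separator);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout under a temp dir:
        //   project/   some/other/dir/index.html   some/other/dir-private/secret.txt
        File tmp = Files.createTempDirectory("vdc").toFile();
        File project = new File(tmp, "project");
        File extra = new File(tmp, "some/other/dir");
        File sibling = new File(tmp, "some/other/dir-private");
        project.mkdirs();
        extra.mkdirs();
        sibling.mkdirs();
        new File(extra, "index.html").createNewFile();
        new File(sibling, "secret.txt").createNewFile();

        // Same shape as extraResourcePaths="/=${project.basedir}/../some/other/dir"
        String configuredBase = project.getPath() + "/../some/other/dir";
        File requested = new File(configuredBase, "index.html");
        File outside = new File(configuredBase, "../dir-private/secret.txt");

        System.out.println("raw base, file under base:       "
                + insideRawBase(requested, configuredBase));
        System.out.println("canonical base, file under base: "
                + insideCanonicalBase(requested, configuredBase));
        System.out.println("canonical base, sibling dir:     "
                + insideCanonicalBase(outside, configuredBase));
    }
}
```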