Re: Apache 7.0.81 - Can no longer use non-canonical paths in extraResourcePaths of VirtualDirContext

2017-09-02 Thread Constantin Erckenbrecht 
Thanks for the prompt reply!

On Fri, Sep 1, 2017 at 2:12 PM, Mark Thomas  wrote:

> On 31/08/17 17:03, Constantin Erckenbrecht wrote:
> > Hi,
> >
> > A change in 7.0.81/7.0.80 changed the File resolution in
> VirtualDirContext.
> >
> > In 7.0.79 and before it was possible to use paths with /../ or any other
> > non-canonical path. This was particularly useful when using placeholders
> > that are being replaced at compile time like
> >
> > extraResourcePaths="/=${project.basedir}/../some/other/dir”
> >
> > The new calls to validate(File file, boolean mustExist, String
> > absoluteBase) prevent this, as inside the validate method the file name
> is
> > canocialized and compared against the absoluteBase path, which is not
> being
> > canonicalized.
> >
> > Hence, when using a non-canonical path as an extraResourcePath the
> validate
> > function incorrectly assumes that the requested file is outside the
> > application root.
> >
> > Any chance that this can be fixed?
>
> Fixed in 7.0.x for 7.0.82 onwards.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
Constantin Erckenbrecht

Re: Apache 7.0.81 - Can no longer use non-canonical paths in extraResourcePaths of VirtualDirContext

2017-09-01 Thread Mark Thomas 
On 31/08/17 17:03, Constantin Erckenbrecht wrote:
> Hi,
> 
> A change in 7.0.81/7.0.80 changed the File resolution in VirtualDirContext.
> 
> In 7.0.79 and before it was possible to use paths with /../ or any other
> non-canonical path. This was particularly useful when using placeholders
> that are being replaced at compile time like
> 
> extraResourcePaths="/=${project.basedir}/../some/other/dir”
> 
> The new calls to validate(File file, boolean mustExist, String
> absoluteBase) prevent this, as inside the validate method the file name is
> canocialized and compared against the absoluteBase path, which is not being
> canonicalized.
> 
> Hence, when using a non-canonical path as an extraResourcePath the validate
> function incorrectly assumes that the requested file is outside the
> application root.
> 
> Any chance that this can be fixed?

Fixed in 7.0.x for 7.0.82 onwards.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Apache 7.0.81 - Can no longer use non-canonical paths in extraResourcePaths of VirtualDirContext

2017-08-31 Thread Constantin Erckenbrecht 
Hi,



A change in 7.0.81/7.0.80 changed the File resolution in VirtualDirContext.

In 7.0.79 and before it was possible to use paths with /../ or any other
non-canonical path. This was particularly useful when using placeholders
that are being replaced at compile time like



extraResourcePaths="/=${project.basedir}/../some/other/dir”



The new calls to validate(File file, boolean mustExist, String
absoluteBase) prevent this, as inside the validate method the file name is
canocialized and compared against the absoluteBase path, which is not being
canonicalized.

Hence, when using a non-canonical path as an extraResourcePath the validate
function incorrectly assumes that the requested file is outside the
application root.



Any chance that this can be fixed?



Thanks.