This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new a3ec494 Fix BZ 56890 - Clarification of ServletContext.getRealPath(String) a3ec494 is described below commit a3ec49490a0b8c6cdee38f66eeca7041d9f57180 Author: Mark Thomas <ma...@apache.org> AuthorDate: Mon Nov 30 13:35:59 2020 +0000 Fix BZ 56890 - Clarification of ServletContext.getRealPath(String) https://bz.apache.org/bugzilla/show_bug.cgi?id=56890 If the provided path doesn't start with "/", process the method call as if "/" was appended to the beginning of the provided path. --- java/org/apache/catalina/core/ApplicationContext.java | 16 ++++++---------- webapps/docs/changelog.xml | 8 ++++++++ 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/java/org/apache/catalina/core/ApplicationContext.java b/java/org/apache/catalina/core/ApplicationContext.java index d109c5a..4511e87 100644 --- a/java/org/apache/catalina/core/ApplicationContext.java +++ b/java/org/apache/catalina/core/ApplicationContext.java @@ -526,7 +526,7 @@ public class ApplicationContext implements ServletContext { @Override public URL getResource(String path) throws MalformedURLException { - String validatedPath = validateResourcePath(path, false); + String validatedPath = validateResourcePath(path, !GET_RESOURCE_REQUIRE_SLASH); if (validatedPath == null) { throw new MalformedURLException( @@ -545,7 +545,7 @@ public class ApplicationContext implements ServletContext { @Override public InputStream getResourceAsStream(String path) { - String validatedPath = validateResourcePath(path, false); + String validatedPath = validateResourcePath(path, !GET_RESOURCE_REQUIRE_SLASH); if (validatedPath == null) { return null; @@ -564,20 +564,16 @@ public class ApplicationContext implements ServletContext { * Returns null if the input path is not valid or a path that will be * acceptable to resources.getResource(). */ - private String validateResourcePath(String path, boolean allowEmptyPath) { + private String validateResourcePath(String path, boolean addMissingInitialSlash) { if (path == null) { return null; } - if (path.length() == 0 && allowEmptyPath) { - return path; - } - if (!path.startsWith("/")) { - if (GET_RESOURCE_REQUIRE_SLASH) { - return null; - } else { + if (addMissingInitialSlash) { return "/" + path; + } else { + return null; } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 5915cea..92bd352 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -113,6 +113,14 @@ than always returning a value for the proxy. (markt) </fix> <fix> + <bug>56890</bug>: Align the behaviour of + <code>ServletContext.getRealPath(String path)</code> with the recent + clarification from the Servlet specification project. If the path + parameter does not start with <code>/</code> then Tomcat processes the + call as if <code>/</code> is appended to the beginning of the + provided path. (markt) + </fix> + <fix> <bug>64921</bug>: Ensure that the <code>LoadBalancerDrainingValve</code> uses the correct setting for the secure attribute for any session cookies it creates. Based on a pull request by Andreas Kurth. (markt) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org