This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new a3ec494 Fix BZ 56890 - Clarification of
ServletContext.getRealPath(String)
a3ec494 is described below
commit a3ec49490a0b8c6cdee38f66eeca7041d9f57180
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon Nov 30 13:35:59 2020 +0000
Fix BZ 56890 - Clarification of ServletContext.getRealPath(String)
https://bz.apache.org/bugzilla/show_bug.cgi?id=56890
If the provided path doesn't start with "/", process the method call as
if "/" was appended to the beginning of the provided path.
---
java/org/apache/catalina/core/ApplicationContext.java | 16 ++++++----------
webapps/docs/changelog.xml | 8 ++++++++
2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/catalina/core/ApplicationContext.java
b/java/org/apache/catalina/core/ApplicationContext.java
index d109c5a..4511e87 100644
--- a/java/org/apache/catalina/core/ApplicationContext.java
+++ b/java/org/apache/catalina/core/ApplicationContext.java
@@ -526,7 +526,7 @@ public class ApplicationContext implements ServletContext {
@Override
public URL getResource(String path) throws MalformedURLException {
- String validatedPath = validateResourcePath(path, false);
+ String validatedPath = validateResourcePath(path,
!GET_RESOURCE_REQUIRE_SLASH);
if (validatedPath == null) {
throw new MalformedURLException(
@@ -545,7 +545,7 @@ public class ApplicationContext implements ServletContext {
@Override
public InputStream getResourceAsStream(String path) {
- String validatedPath = validateResourcePath(path, false);
+ String validatedPath = validateResourcePath(path,
!GET_RESOURCE_REQUIRE_SLASH);
if (validatedPath == null) {
return null;
@@ -564,20 +564,16 @@ public class ApplicationContext implements ServletContext
{
* Returns null if the input path is not valid or a path that will be
* acceptable to resources.getResource().
*/
- private String validateResourcePath(String path, boolean allowEmptyPath) {
+ private String validateResourcePath(String path, boolean
addMissingInitialSlash) {
if (path == null) {
return null;
}
- if (path.length() == 0 && allowEmptyPath) {
- return path;
- }
-
if (!path.startsWith("/")) {
- if (GET_RESOURCE_REQUIRE_SLASH) {
- return null;
- } else {
+ if (addMissingInitialSlash) {
return "/" + path;
+ } else {
+ return null;
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5915cea..92bd352 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -113,6 +113,14 @@
than always returning a value for the proxy. (markt)
</fix>
<fix>
+ <bug>56890</bug>: Align the behaviour of
+ <code>ServletContext.getRealPath(String path)</code> with the recent
+ clarification from the Servlet specification project. If the path
+ parameter does not start with <code>/</code> then Tomcat processes the
+ call as if <code>/</code> is appended to the beginning of the
+ provided path. (markt)
+ </fix>
+ <fix>
<bug>64921</bug>: Ensure that the
<code>LoadBalancerDrainingValve</code>
uses the correct setting for the secure attribute for any session
cookies it creates. Based on a pull request by Andreas Kurth. (markt)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
