> This bug is kind of annoying when there are lots of pages
> shared across multiple clients. The common practice we
> use on Tomcat 4.0.2 is to build symbolic links under each
> client that points to a centralized place to avoid file
> copying on deployment.
>
> With the new code in 4.1, the path check below prevents
> any symlinked pages from being served. I would like to
> have it removed. However, with these two lines removed,
> the code essentially retroback to 4.0.2 version with
> very minor changes.
Obviously, those lines are for security reasons.
-1 for the patch (at best, the check will be made optional).
Remy
> org/apache/naming/resources/FileDirContext.java
>
> @@ -866,10 +866,6 @@
> if (canPath == null)
> return null;
>
> -if (!canPath.startsWith(absoluteBase)) {
> -return null;
> -}
> -
> // Windows only check
> if ((caseSensitive) && (File.separatorChar == '\\')) {
> String fileAbsPath = file.getAbsolutePath();
>
>
>
> Xiaoyan Liu
> Capitalthinking.com
>
--
To unsubscribe, e-mail:
For additional commands, e-mail:
