Re: Apache 7.0.81 - Can no longer use non-canonical paths in extraResourcePaths of VirtualDirContext

2017-09-02 Thread Constantin Erckenbrecht
Thanks for the prompt reply!

On Fri, Sep 1, 2017 at 2:12 PM, Mark Thomas  wrote:

> On 31/08/17 17:03, Constantin Erckenbrecht wrote:
> > Hi,
> >
> > A change in 7.0.81/7.0.80 changed the File resolution in
> VirtualDirContext.
> >
> > In 7.0.79 and before it was possible to use paths with /../ or any other
> > non-canonical path. This was particularly useful when using placeholders
> > that are being replaced at compile time like
> >
> > extraResourcePaths="/=${project.basedir}/../some/other/dir”
> >
> > The new calls to validate(File file, boolean mustExist, String
> > absoluteBase) prevent this, as inside the validate method the file name
> is
> > canocialized and compared against the absoluteBase path, which is not
> being
> > canonicalized.
> >
> > Hence, when using a non-canonical path as an extraResourcePath the
> validate
> > function incorrectly assumes that the requested file is outside the
> > application root.
> >
> > Any chance that this can be fixed?
>
> Fixed in 7.0.x for 7.0.82 onwards.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
Constantin Erckenbrecht


Re: Apache 7.0.81 - Can no longer use non-canonical paths in extraResourcePaths of VirtualDirContext

2017-09-01 Thread Mark Thomas
On 31/08/17 17:03, Constantin Erckenbrecht wrote:
> Hi,
> 
> A change in 7.0.81/7.0.80 changed the File resolution in VirtualDirContext.
> 
> In 7.0.79 and before it was possible to use paths with /../ or any other
> non-canonical path. This was particularly useful when using placeholders
> that are being replaced at compile time like
> 
> extraResourcePaths="/=${project.basedir}/../some/other/dir”
> 
> The new calls to validate(File file, boolean mustExist, String
> absoluteBase) prevent this, as inside the validate method the file name is
> canocialized and compared against the absoluteBase path, which is not being
> canonicalized.
> 
> Hence, when using a non-canonical path as an extraResourcePath the validate
> function incorrectly assumes that the requested file is outside the
> application root.
> 
> Any chance that this can be fixed?

Fixed in 7.0.x for 7.0.82 onwards.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org