But wait...
/WEB-INF/../../env.xml
is inside of
/WEB-INF/../env.xml
(see example below)
Do you have to specify all the sub-directories that a webapp uses?
Also, I've noticed an interesting and occasional unsafe path where a
space is being introduced just before the path I supply to
getResourceAsStream.
If I say servContext.getResourceAsStream("\path\foo.html");
I occasionally get an exception stating an unsafe path of...
w:\foo\bar\tomcat\webapps \path\foo.html
A space is being introduced just before the path I supply, but only
sometimes.
Is there a reliable way to get the document root?
PathTranslated and PathInfo don't work the way they used to.
Running Tomcat 3.2.1
-Chris
Larry Isaacs wrote:
> David,
>
> For security, web applications aren't allowed to access files outside
> of the web application. That is why /WEB-INF/../env.xml is okay
> and /WEB-INF/../../env.xml isn't.
>
> Larry
>
> -----Original Message-----
> From: David Soroko [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 13, 2001 7:53 AM
> To: [EMAIL PROTECTED]
> Subject: Unsafe path ?
>
>
> Hi all
> From within a servlet I am trying to read a file in the following way
> getServletContext().getResourceAsStream(getInitParameter("envFile"));
> When the parameter envFile has the value /WEB-INF/../../env.xml
> I am getting the following message from Tomcat:
> Unsafe path D:\Jupiter\tomcat\webapps\dir1\dir2\dir3 /WEB-INF/../../env.xml
> Any ideas why that is?
> Interestingly, when the parameter envFile has the value /WEB-INF/../env.xml
> Tomcat has no problems reading the file.
> This is on Tomcat 3.2/Wintel.
> TIA
--
Christopher Hull
Engineering Group Manager, Senior Software Architect
Mediagate Inc.
iPost Card http://web.mediagate.com/chris.hull
iPost Voice 408 261 7201
email [EMAIL PROTECTED]
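
The containment rule Larry describes can be shown as a segment-by-segment normalization relative to the web application root. This is an added example, not part of the original thread and not Tomcat's own code; the class and method names are hypothetical, and treating backslashes as separators is an assumption of this sketch.

```java
import java.util.ArrayDeque;
import java.util.Deque;

/** Added illustration: containment check for context-relative resource paths. */
public class ContextPathCheck {

    /**
     * Normalizes a context-relative path and returns it, or null when a ".."
     * segment would climb above the web application root.
     */
    static String normalize(String path) {
        // Assumption: treat backslashes as separators so Windows-style
        // input is held to the same check as forward-slash input.
        String p = path.replace('\\', '/');
        Deque<String> stack = new ArrayDeque<>();
        for (String seg : p.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) {
                continue;                 // skip empty and current-dir segments
            }
            if (seg.equals("..")) {
                if (stack.isEmpty()) {
                    return null;          // would leave the context root
                }
                stack.removeLast();       // step back up one directory
            } else {
                stack.addLast(seg);
            }
        }
        return "/" + String.join("/", stack);
    }

    public static void main(String[] args) {
        String[] samples = {              // constructed inputs based on the thread
            "/WEB-INF/../env.xml",
            "/WEB-INF/../../env.xml",
            "\\path\\foo.html",
            "/WEB-INF/./conf/../../../env.xml"
        };
        for (String s : samples) {
            String n = normalize(s);
            System.out.println(s + " -> "
                + (n == null ? "rejected (outside webapp)" : n));
        }
    }
}
```

The depth is counted from the context root, not from the directory the path starts in: the first sample resolves to /env.xml inside the application, while the second needs one more level than the root provides and is rejected.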