On 04/06/2015 17:31, Christopher Schultz wrote: <snip/>
>>> We probably have a lot of places where we "resolve" filenames but >>> I'm guessing we don't have a single utility method to do the >>> work; > >> Wrong :) > >>> probably just new File(new File(file).getCanonicalPath()) or >>> something like that wherever it's needed. If we unified all those >>> accesses in a single place, it would be easy to change these >>> semantics for different environments. > >> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/web > resources/AbstractFileResourceSet.java?view=annotate#l54 > > Nice > > work. > > So the code in there uses canonical paths, and when you canonicalize a > symlink, you end up with the location of the "real" file, not the > symlink, and everything goes boom at that point. Is my understanding > correct? Correct. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
