Author: musachy Date: Thu May 17 14:26:57 2007 New Revision: 539122 URL: http://svn.apache.org/viewvc?view=rev&rev=539122 Log: WW-1769 Security hole in config parameter of the viewSource action in struts2-showcase example app * This is not really a problem, but for the sake of PlanetStruts
Modified: struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java
Modified: struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java
URL: http://svn.apache.org/viewvc/struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java?view=diff&rev=539122&r1=539121&r2=539122
==============================================================================
--- struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java (original)
+++ struts/struts2/trunk/apps/showcase/src/main/java/org/apache/struts2/showcase/source/ViewSourceAction.java Thu May 17 14:26:57 2007
@@ -30,7 +30,9 @@
 import java.util.List;
 import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.struts2.ServletActionContext;
 import org.apache.struts2.util.ServletContextAware;
 import com.opensymphony.xwork2.ActionSupport;
@@ -81,7 +83,9 @@
 classLines = read(in, -1);
 }
- if (config != null && config.trim().length() > 0) {
+ String rootPath = ServletActionContext.getServletContext().getRealPath("/");
+
+ if (config != null && config.trim().length() > 0 && (rootPath == null || config.startsWith(rootPath))) {
 int pos = config.lastIndexOf(':');
 configLine = Integer.parseInt(config.substring(pos+1));
 config = config.substring(0, pos).replace("//", "/");
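Review bot: The new `config.startsWith(rootPath)` guard in the second hunk is a plain string-prefix test on the raw request parameter, so a value that begins with the webapp root but contains parent-directory segments or symlinks, or that names a sibling directory sharing the root as a prefix, still passes and a file outside the deployment is read; the `rootPath == null` branch also disables the check entirely, which is fail-open whenever the container cannot map `/` to the file system (for example an unexploded WAR). Canonicalise the path part of `config` (everything before the trailing `:line` suffix) with `File.getCanonicalPath()`, compare it against the canonical root plus `File.separator`, and treat a null root as "nothing may be read"; this needs `java.io.File` in scope if it is not already imported, and the `IOException` from canonicalisation must be handled or declared by the enclosing method, whose signature lies outside the hunk. The `javax.servlet.http.HttpServletRequest` import added in the first hunk is not used by anything visible in either hunk and looks like a leftover, though its use may be elsewhere in the file. The enclosing method starts and ends outside the hunk.
```java
String rootPath = ServletActionContext.getServletContext().getRealPath("/");
// Fail closed: with no file-system root there is nothing safe to compare against.
String canonicalRoot = rootPath == null
        ? null
        : new File(rootPath).getCanonicalFile().getPath() + File.separator;
boolean insideRoot = false;
if (config != null && config.trim().length() > 0 && canonicalRoot != null
        && config.lastIndexOf(':') > 0) {
    // Canonicalise the path part only; the suffix after ':' is the line number.
    String pathPart = config.substring(0, config.lastIndexOf(':'));
    insideRoot = new File(pathPart).getCanonicalPath().startsWith(canonicalRoot);
}

if (insideRoot) {
    int pos = config.lastIndexOf(':');
    // … unchanged: configLine parse and config normalisation …
```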