2017-09-26 2:20 GMT+03:00 <ma...@apache.org>:
> Author: markt
> Date: Mon Sep 25 23:20:56 2017
> New Revision: 1809669
>
> URL: http://svn.apache.org/viewvc?rev=1809669&view=rev
> Log:
> Add some additional checks required on Windows to keep all the checks in one
> place and to avoid exceptions later in the processing.
> Includes utility class to determine if platform is Windows and performance
> test case for alternative implementations.
>
> Added:
> tomcat/trunk/java/org/apache/tomcat/util/compat/JrePlatform.java (with
> props)
>
> tomcat/trunk/test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java
> (with props)
> Modified:
>
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
>
> Modified:
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
> URL:
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java?rev=1809669&r1=1809668&r2=1809669&view=diff
> ==============================================================================
> ---
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
> (original)
> +++
> tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
> Mon Sep 25 23:20:56 2017
> @@ -22,6 +22,7 @@ import java.net.MalformedURLException;
> import java.net.URL;
>
> import org.apache.catalina.LifecycleException;
> +import org.apache.tomcat.util.compat.JrePlatform;
> import org.apache.tomcat.util.http.RequestUtil;
>
> public abstract class AbstractFileResourceSet extends AbstractResourceSet {
> @@ -77,6 +78,12 @@ public abstract class AbstractFileResour
> return file;
> }
>
> + // Additional Windows specific checks to handle known problems with
> + // File.getCanonicalPath()
> + if (JrePlatform.IS_WINDOWS && isInvalidWindowsFilename(name)) {
> + return null;
> + }
> +
> // Check that this file is located under the WebResourceSet's base
> String canPath = null;
> try {
> @@ -127,6 +134,34 @@ public abstract class AbstractFileResour
> return file;
> }
>
> +
> + private boolean isInvalidWindowsFilename(String name) {
> + // For typical length file names, this is 2-3 times faster than the
> + // equivalent regular expression. The cut-over point is file names
> (not
> + // full paths) of ~65 characters.
> + char[] chars = name.toCharArray();
> + for (char c : chars) {
> + if (c == '\"' || c == '<' || c == '>') {
> + // These characters are disallowed in Windows file names and
> + // there are known problems for file names with these
> characters
> + // when using File#getCanonicalPath().
> + // Note: There are additional characters that are disallowed
> in
> + // Windows file names but these are not known to cause
> + // problems when using File#getCanonicalPath().
> + return true;
> + }
> + }
> + // Windows does allow file names to end in ' ' unless specific low
> level
I think it was meant "does not"
> + // APIs are used to create the files that bypass various checks. File
> + // names that end in ' ' are known to cause problems when using
> + // File#getCanonicalPath().
> + if (chars[chars.length -1] == ' ') {
I hope that the name is not a zero-length string is already checked
somewhere. Otherwise a ArrayIndexOutOfBoundsException might happen
here.
> + return true;
> + }
> + return false;
> + }
> +
> +
> /**
> * Return a context-relative path, beginning with a "/", that represents
> * the canonical version of the specified path after ".." and "."
> elements
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
