[tomcat] branch 8.5.x updated: Fix path validation when docBase="/"

Tue, 25 Aug 2020 02:04:58 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 8b58ab5  Fix path validation when docBase="/"
8b58ab5 is described below

commit 8b58ab5c06dc1ffcfce2b2abf8f592416da455c5
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Aug 25 10:01:50 2020 +0100

    Fix path validation when docBase="/"
---
 .../org/apache/catalina/webresources/AbstractFileResourceSet.java | 8 ++++++++
 webapps/docs/changelog.xml                                        | 5 +++++
 2 files changed, 13 insertions(+)

diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java 
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index b79f88b..c799341 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -212,6 +212,14 @@ public abstract class AbstractFileResourceSet extends 
AbstractResourceSet {
         } catch (IOException e) {
             throw new IllegalArgumentException(e);
         }
+
+        // Need to handle mapping of the file system root as a special case
+        if ("/".equals(this.absoluteBase)) {
+            this.absoluteBase = "";
+        }
+        if ("/".equals(this.canonicalBase)) {
+            this.canonicalBase = "";
+        }
     }
 
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index da9ecf0..ce59fc7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -82,6 +82,11 @@
         associated code for clarity.
         Based on a patch provided by Milo van der Zee. (markt)
       </fix>
+      <fix>
+        Correct the path vaidation to allow the use of the file system root for
+        the <code>docBase</code> attribute of a <code>Context</code>. Note that
+        such a configuration should be used with caution. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to