[Bug 56070] New: the resource url is wrong!

bugzilla Mon, 27 Jan 2014 20:40:02 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=56070


            Bug ID: 56070
           Summary: the resource url is wrong!
           Product: Tomcat 8
           Version: trunk
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: 4700...@qq.com

previously,my servlet:
(WebappClassLoader)getClass().getClassLoader().getResource("/../tmplog/logs")
return url:
/myweb/../tmplog/logs
and my security validation code:
-------------
if (url.indexOf("/../")>-1)
  return false;
-------------will false!!!!
but now:
it's will be:
/tmplog/logs
if (url.indexOf("/../")>-1)
  return false;
---------------will true!!!!!

so,the resourse url is "/myweb/../tmplog/logs", not "/tmplog/logs".

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 56070] New: the resource url is wrong!

Reply via email to