Skip to content

Commit

Permalink
TAP5-2670: Better handling of slashes in context asset URLs
Browse files Browse the repository at this point in the history
  • Loading branch information
thiagohp committed Apr 4, 2021
1 parent b347e65 commit 30ab433
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ public class ContextAssetRequestHandler implements AssetRequestHandler

private final Resource rootContextResource;

private final Pattern illegal = Pattern.compile("^(/*((web|meta)-inf.*)|(.*\\.tml$))", Pattern.CASE_INSENSITIVE);
private final Pattern illegal = Pattern.compile("^([\\\\/]*((web|meta)-inf.*)|(.*\\.tml$))", Pattern.CASE_INSENSITIVE);

public ContextAssetRequestHandler(ResourceStreamer resourceStreamer, Resource rootContextResource)
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,12 @@ public Object[][] invalid_paths()
{"web-Inf/classes/hibernate.cfg.xml"},
{"Meta-Inf/MANIFEST.mf"},
{"Index.tml"},
{"folder/FolderIndex.TML"}};
{"folder/FolderIndex.TML"},
{"\\WEB-INF/something.jpg"},
{"\\//WEB-INF/something.jpg"},
{"//WEB-INF/something.jpg"},
{"//\\\\WEB-INF/something.jpg"}
};
}

@Test(dataProvider = "invalid_paths")
Expand Down

0 comments on commit 30ab433

Please sign in to comment.