Author: kkolinko
Date: Fri Sep 22 00:29:54 2017
New Revision: 1809248
URL: http://svn.apache.org/viewvc?rev=1809248&view=rev
Log:
Remove condition that is always false, thanks to
"canPath.startsWith(canonicalBase)" check a few lines earlier.
Modified:
tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
Modified:
tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java?rev=1809248&r1=1809247&r2=1809248&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
Fri Sep 22 00:29:54 2017
@@ -93,11 +93,10 @@ public abstract class AbstractFileResour
// the request processing) but might be possible for some access via
the
// Servlet API (RequestDispatcher, HTTP/2 push etc.) therefore these
// checks are retained as an additional safety measure
- // absoluteBase has been normalized so absPath needs to normalized as
+ // absoluteBase has been normalized so absPath needs to be normalized
as
// well.
String absPath = normalize(file.getAbsolutePath());
- if (absoluteBase.length() > absPath.length() ||
- canonicalBase.length() > canPath.length()) {
+ if (absoluteBase.length() > absPath.length()) {
return null;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
