Author: kkolinko Date: Fri Sep 22 00:29:54 2017 New Revision: 1809248 URL: http://svn.apache.org/viewvc?rev=1809248&view=rev Log: Remove condition that is always false, thanks to "canPath.startsWith(canonicalBase)" check a few lines earlier.
Modified: tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java Modified: tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java?rev=1809248&r1=1809247&r2=1809248&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java (original) +++ tomcat/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java Fri Sep 22 00:29:54 2017 @@ -93,11 +93,10 @@ public abstract class AbstractFileResour // the request processing) but might be possible for some access via the // Servlet API (RequestDispatcher, HTTP/2 push etc.) therefore these // checks are retained as an additional safety measure - // absoluteBase has been normalized so absPath needs to normalized as + // absoluteBase has been normalized so absPath needs to be normalized as // well. String absPath = normalize(file.getAbsolutePath()); - if (absoluteBase.length() > absPath.length() || - canonicalBase.length() > canPath.length()) { + if (absoluteBase.length() > absPath.length()) { return null; } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org