This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 1ed5cb1c8f31ccf7bfc82b55f8191404159b65bd
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jun 13 13:07:55 2024 +0100
Align with 11.0.x - no functional change
---
.../catalina/webresources/AbstractFileResourceSet.java | 13 ++++++-------
.../apache/catalina/webresources/LocalStrings_ko.properties | 1 -
.../catalina/webresources/LocalStrings_zh_CN.properties | 1 -
3 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index 7a81b943b0..951f41d58e 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -99,13 +99,12 @@ public abstract class AbstractFileResourceSet extends
AbstractResourceSet {
return null;
}
- // Ensure that the file is not outside the fileBase. This should not be
- // possible for standard requests (the request is normalized early in
- // the request processing) but might be possible for some access via
the
- // Servlet API (RequestDispatcher, HTTP/2 push etc.) therefore these
- // checks are retained as an additional safety measure
- // absoluteBase has been normalized so absPath needs to be normalized
as
- // well.
+ /*
+ * Ensure that the file is not outside the fileBase. This should not
be possible for standard requests (the
+ * request is normalized early in the request processing) but might be
possible for some access via the Servlet
+ * API (e.g. RequestDispatcher, HTTP/2 push etc.) therefore these
checks are retained as an additional safety
+ * measure absoluteBase has been normalized so absPath needs to be
normalized as well.
+ */
String absPath = normalize(file.getAbsolutePath());
if (absPath == null || absoluteBase.length() > absPath.length()) {
return null;
diff --git a/java/org/apache/catalina/webresources/LocalStrings_ko.properties
b/java/org/apache/catalina/webresources/LocalStrings_ko.properties
index eb2a113123..6ac49eaedd 100644
--- a/java/org/apache/catalina/webresources/LocalStrings_ko.properties
+++ b/java/org/apache/catalina/webresources/LocalStrings_ko.properties
@@ -57,5 +57,4 @@ standardRoot.invalidPath=리소스 경로 [{0}]은(는) 유효하지 않습니
standardRoot.invalidPathNormal=리소스 경로 [{0}]이(가) [{1}](으)로 정규화되어 있는데, 이는 유효하지
않습니다.
standardRoot.lockedFile=웹 애플리케이션 [{0}]이(가) 파일 [{1}]을(를) 닫지 못했습니다. 해당 파일은 다음과
같은 스택 트레이스 내에서 열렸었습니다.
standardRoot.noContext=컨텍스트가 이 WebResourceRoot를 위해 설정되지 않았습니다.
-standardRoot.startInvalidMain=지정된 주요 리소스셋 [{0}]은(는) 유효하지 않습니다.
standardRoot.unsupportedProtocol=URL 프로토콜 [{0}]은(는), 이 웹 리소스 구현에 의해 지원되지 않습니다.
diff --git
a/java/org/apache/catalina/webresources/LocalStrings_zh_CN.properties
b/java/org/apache/catalina/webresources/LocalStrings_zh_CN.properties
index f1aaabde5f..7f87c2441b 100644
--- a/java/org/apache/catalina/webresources/LocalStrings_zh_CN.properties
+++ b/java/org/apache/catalina/webresources/LocalStrings_zh_CN.properties
@@ -57,5 +57,4 @@ standardRoot.invalidPath=资源路径[{0}]无效
standardRoot.invalidPathNormal=资源路径[{0}]已规范化为无效的[{1}]
standardRoot.lockedFile=Web应用程序[{0}]无法关闭通过以下堆栈跟踪打开的文件[{1}]
standardRoot.noContext=尚未为WebResourceRoot配置上下文
-standardRoot.startInvalidMain=指定的主资源集 [{0}] 无效
standardRoot.unsupportedProtocol=此web资源实现不支持URL协议[{0}]
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
