This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new afaa8d83cb An explicit absolute appBase is allowed to be outside of
CATALINA_BASE
afaa8d83cb is described below
commit afaa8d83cb24c009458ead328f5e037308d570fc
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jun 25 10:41:05 2026 +0100
An explicit absolute appBase is allowed to be outside of CATALINA_BASE
---
java/org/apache/catalina/manager/host/HostManagerServlet.java | 7 +++++--
webapps/docs/config/host.xml | 3 ++-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/manager/host/HostManagerServlet.java
b/java/org/apache/catalina/manager/host/HostManagerServlet.java
index a3963efd55..7487edf410 100644
--- a/java/org/apache/catalina/manager/host/HostManagerServlet.java
+++ b/java/org/apache/catalina/manager/host/HostManagerServlet.java
@@ -353,7 +353,10 @@ public class HostManagerServlet extends HttpServlet
implements ContainerServlet
applicationBase = name;
}
file = new File(applicationBase);
- if (!file.isAbsolute()) {
+ boolean appBaseIsAbsolute = false;
+ if (file.isAbsolute()) {
+ appBaseIsAbsolute = true;
+ } else {
file = new File(engine.getCatalinaBase(), file.getPath());
}
try {
@@ -361,7 +364,7 @@ public class HostManagerServlet extends HttpServlet
implements ContainerServlet
} catch (IOException ioe) {
appBaseFile = file;
}
- if (!pathCheck(appBaseFile, engine.getCatalinaBase(), writer,
smClient)) {
+ if (!appBaseIsAbsolute && !pathCheck(appBaseFile,
engine.getCatalinaBase(), writer, smClient)) {
// Any error reported in pathCheck()
return;
}
diff --git a/webapps/docs/config/host.xml b/webapps/docs/config/host.xml
index 204dd6b144..9175283254 100644
--- a/webapps/docs/config/host.xml
+++ b/webapps/docs/config/host.xml
@@ -87,7 +87,8 @@
This is the pathname of a directory that may contain web applications
to be deployed on this virtual host. You may specify an
absolute pathname, or a pathname that is relative to the
- <code>$CATALINA_BASE</code> directory. See
+ <code>$CATALINA_BASE</code> directory. Relative path names must be
under
+ the <code>$CATALINA_BASE</code> directory. See
<a href="#Automatic_Application_Deployment">Automatic Application
Deployment</a> for more information on automatic recognition and
deployment of web applications. If not specified, the default of
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
