
Simplified separator check within isInvalidEncodedPath

Issue: SPR-16616
pull/1755/head
Juergen Hoeller 7 years ago
parent
commit
f59ea610df
  1. 11
      spring-webmvc/src/main/java/org/springframework/web/servlet/resource/PathResourceResolver.java

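--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/PathResourceResolver.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/PathResourceResolver.java
@@ -284,16 +284,7 @@ public class PathResourceResolver extends AbstractResourceResolver {
 // Use URLDecoder (vs UriUtils) to preserve potentially decoded UTF-8 chars...
 try {
 String decodedPath = URLDecoder.decode(resourcePath, "UTF-8");
-int separatorIndex = decodedPath.indexOf("..") + 2;
-if (separatorIndex > 1 && separatorIndex < decodedPath.length()) {
-char separator = decodedPath.charAt(separatorIndex);
-if (separator == '/' || separator == '\\') {
-if (logger.isTraceEnabled()) {
-logger.trace("Resolved resource path contains \"../\" after decoding: " + resourcePath);
-}
-}
-return true;
-}
+return (decodedPath.contains("../") || decodedPath.contains("..\\"));
 }
 catch (UnsupportedEncodingException ex) {
 // Should never happen...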
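Review bot: The single `return` on the new side drops the trace message the old branch emitted, so a request rejected here for an encoded `../` or `..\` no longer leaves any record from this method; I would keep the log ahead of the return, as in the excerpt below. The check also decodes `resourcePath` only once and matches `..` only when a separator follows it, so whether doubly encoded input or a path ending in `..` is handled depends on code outside this hunk and deserves a short comment next to the check. The enclosing method starts and ends outside the hunk, so the return after the `catch` is not visible from here.

```java
String decodedPath = URLDecoder.decode(resourcePath, "UTF-8");
boolean traversal = (decodedPath.contains("../") || decodedPath.contains("..\\"));
if (traversal && logger.isTraceEnabled()) {
	// Keep rejected requests visible when trace logging is enabled.
	logger.trace("Resolved resource path contains \"../\" after decoding: " + resourcePath);
}
return traversal;
// … unchanged: catch (UnsupportedEncodingException ex) …
```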
