Example #1
  /**
   * Implements getResource(). See getRealPath(): the resource has to be local to the current
   * Context and can't go to a sub-context, which means we don't need any overhead.
   */
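  public URL getResource(String rpath) throws MalformedURLException {
    // Maps a context-relative path to a file: URL under this context's absolute path.
    // Returns null when rpath is null, when URLUtil.hasEscape() flags it, when
    // FileUtil.safePath() refuses it, or when the URL for the resolved path cannot be built.
    if (rpath == null) {
      return null;
    }

    // Refuse flagged input before any path resolution happens.
    // NOTE(review): hasEscape() is not shown here; presumably it detects still-encoded
    // characters - confirm it is applied to the path exactly as the caller supplied it.
    if (URLUtil.hasEscape(rpath)) {
      return null;
    }

    String absPath = getAbsolutePath();

    // The empty path names the context root itself. A MalformedURLException raised here
    // propagates to the caller (it is outside the try block below).
    if ("".equals(rpath)) {
      return new URL("file", null, 0, absPath);
    }

    if (!rpath.startsWith("/")) {
      rpath = "/" + rpath;
    }

    // A null result from safePath() is treated as "path not allowed": no URL is produced.
    String realPath = FileUtil.safePath(absPath, rpath);
    if (realPath == null) {
      // NOTE(review): rpath is caller-supplied and is logged verbatim; confirm that log()
      // neutralises line breaks so one request cannot forge additional log entries.
      log("Unsafe path " + absPath + " " + rpath);
      return null;
    }

    try {
      URL url = new URL("file", null, 0, realPath);
      if (debug > 9) {
        log("getResourceURL=" + url + " request=" + rpath);
      }
      return url;
    } catch (IOException ex) {
      // Unlike the empty-path case above, a failure here is reported as null. Record it in the
      // context log rather than dumping a stack trace to stderr, where it bypasses the log.
      log("getResource: cannot build file URL: " + ex);
      return null;
    }
  }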
Example #2
  /**
   * According to Servlet 2.2 the real path is interpreted as relative to the current web app and
   * _cannot_ go outside the box. If your intention is different, or you want the "other" behavior,
   * you'll have to first call getContext(path) and then call getRealPath() on the resulting context
   * (if any - the server may disable that for security reasons!). XXX find out how we can find the
   * context path in order to remove it from the path - that's the only way a user can do that
   * unless they have prior knowledge of the mappings!
   */
  public String getRealPath(String path) {
    final String contextRoot = getAbsolutePath();
    // A null path is resolved as the empty path.
    final String requested = (path == null) ? "" : path;

    // The path is resolved directly against this context's root; no sub-request is made,
    // which keeps things simple in servlet space.
    //
    // This differs from what some people expect and from how other server APIs work, but it
    // is what Servlet 2.2 specifies. It is also the safer choice: communication between web
    // applications stays under control.
    //
    // NOTE(review): the value from FileUtil.safePath() is handed back unchecked; presumably it
    // is null for a path it rejects - confirm callers handle a null real path.
    final String resolved = FileUtil.safePath(contextRoot, requested);

    if (debug > 5) {
      log("Get real path " + requested + " " + resolved + " " + contextRoot);
    }

    return resolved;
  }