root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Defensive URL cleaning (preserving the original URL if possible) 

Issue: SPR-17198
This commit is contained in:
Juergen Hoeller 2018-08-22 14:12:39 +02:00
parent c55a9072aa
commit 6ef0938a92
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
spring-core/src/main/java/org/springframework/core/io/UrlResource.java
View File

@ -141,18 +141,20 @@ public class UrlResource extends AbstractFileResolvingResource {
* Determine a cleaned URL for the given original URL. * Determine a cleaned URL for the given original URL.
* @param originalUrl the original URL * @param originalUrl the original URL
* @param originalPath the original URL path * @param originalPath the original URL path
* @return the cleaned URL * @return the cleaned URL (possibly the original URL as-is)
* @see org.springframework.util.StringUtils#cleanPath * @see org.springframework.util.StringUtils#cleanPath
*/ */
private URL getCleanedUrl(URL originalUrl, String originalPath) { private URL getCleanedUrl(URL originalUrl, String originalPath) {
try { String cleanedPath = StringUtils.cleanPath(originalPath);
return new URL(StringUtils.cleanPath(originalPath)); if (!cleanedPath.equals(originalPath)) {
} try {
catch (MalformedURLException ex) { return new URL(cleanedPath);
// Cleaned URL path cannot be converted to URL }
// -> take original URL. catch (MalformedURLException ex) {
return originalUrl; // Cleaned URL path cannot be converted to URL -> take original URL.
}
} }
return originalUrl;
} }
/** /**