root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Defensive URL cleaning (preserving the original URL if possible) 

Issue: SPR-17198
This commit is contained in:
Juergen Hoeller 2018-08-22 14:12:39 +02:00
parent c55a9072aa
commit 6ef0938a92
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
spring-core/src/main/java/org/springframework/core/io/UrlResource.java
View File

@ -141,19 +141,21 @@ public class UrlResource extends AbstractFileResolvingResource {
* Determine a cleaned URL for the given original URL.
* @param originalUrl the original URL
* @param originalPath the original URL path
* @return the cleaned URL
* @return the cleaned URL (possibly the original URL as-is)
* @see org.springframework.util.StringUtils#cleanPath
*/
private URL getCleanedUrl(URL originalUrl, String originalPath) {
String cleanedPath = StringUtils.cleanPath(originalPath);
if (!cleanedPath.equals(originalPath)) {
try {
return new URL(StringUtils.cleanPath(originalPath));
return new URL(cleanedPath);
}
catch (MalformedURLException ex) {
// Cleaned URL path cannot be converted to URL
// -> take original URL.
return originalUrl;
// Cleaned URL path cannot be converted to URL -> take original URL.
}
}
return originalUrl;
}
/**
* This implementation opens an InputStream for the given URL.