root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Javadoc 

Add Javadoc note explaining that StringUtils.cleanPath should not be
depended on in security context.
This commit is contained in:
Arjen Poutsma 2020-07-23 17:43:20 +02:00
parent 05683fed7a
commit cf8c36adf3
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
spring-core/src/main/java/org/springframework/util/StringUtils.java
View File

@ -645,6 +645,9 @@ public abstract class StringUtils {
* inner simple dots.
* <p>The result is convenient for path comparison. For other uses,
* notice that Windows separators ("\") are replaced by simple slashes.
* <p><strong>NOTE</strong> that {@code cleanPath} should not be depended
* upon in a security context. Other mechanisms should be used to prevent
* path-traversal issues.
* @param path the original path
* @return the normalized path
*/