diff --git a/org.springframework.web.servlet/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java b/org.springframework.web.servlet/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java index 18750ca2a04..47298400c60 100644 --- a/org.springframework.web.servlet/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java +++ b/org.springframework.web.servlet/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2010 the original author or authors. + * Copyright 2002-2011 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,7 +18,6 @@ package org.springframework.web.servlet.resource; import java.io.IOException; import java.util.List; - import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -76,7 +75,7 @@ public class ResourceHttpRequestHandler extends WebContentGenerator implements H * for serving static resources. */ public void setLocations(List locations) { - Assert.notEmpty(locations, "Location list must not be empty"); + Assert.notEmpty(locations, "Locations list must not be empty"); this.locations = locations; } @@ -174,14 +173,16 @@ public class ResourceHttpRequestHandler extends WebContentGenerator implements H } /** - * Returns {@code true} if the given path is not a valid resource path. - * The default implementation rejects paths containing "WEB-INF" or "META-INF" as well as paths with - * relative paths ("../") that result in access of a parent directory. + * Validates the given path: returns {@code true} if the given path is not a valid resource path. + *

The default implementation rejects paths containing "WEB-INF" or "META-INF" as well as paths + * with relative paths ("../") that result in access of a parent directory. + * @param path the path to validate + * @return {@code true} if the path has been recognized as invalid, {@code false} otherwise */ protected boolean isInvalidPath(String path) { return (path.contains("WEB-INF") || path.contains("META-INF") || StringUtils.cleanPath(path).startsWith("..")); } - + /** * Determine an appropriate media type for the given resource. * @param resource the resource to check diff --git a/org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandlerTests.java b/org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandlerTests.java index b579751be59..3cdf876d189 100644 --- a/org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandlerTests.java +++ b/org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandlerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2010 the original author or authors. + * Copyright 2002-2011 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,7 +20,6 @@ import java.util.ArrayList; import java.util.List; import javax.servlet.http.HttpServletResponse; -import static org.junit.Assert.*; import org.junit.Before; import org.junit.Test; @@ -32,6 +31,8 @@ import org.springframework.mock.web.MockServletContext; import org.springframework.web.HttpRequestMethodNotSupportedException; import org.springframework.web.servlet.HandlerMapping; +import static org.junit.Assert.*; + /** * @author Keith Donald * @author Jeremy Grelle
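Review bot: The rewritten Javadoc on `isInvalidPath` in ResourceHttpRequestHandler.java still leaves out two properties of the check that matter to anyone overriding this protected method: `path.contains("WEB-INF")` and `path.contains("META-INF")` are case-sensitive substring matches, and the parent-directory test only asks whether `StringUtils.cleanPath(path)` starts with `..`. The hunk does not show whether `path` is already URL-decoded when it arrives here, so the comment should name the expected form; on a case-insensitive file system a differently cased directory name would presumably not be rejected by the match as written. I would add `* <p>The "WEB-INF"/"META-INF" match is a case-sensitive substring test on the path exactly as passed in; overriding implementations should keep at least these rejections.` and, if case-insensitive deployments are in scope, run the two `contains` checks against an upper-cased copy of `path` instead.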