root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

polishing 

git-svn-id: https://src.springframework.org/svn/spring-framework/trunk@4767 50f2f4bb-b051-0410-bef5-90022cba6387
This commit is contained in:
Juergen Hoeller 2011-07-25 10:57:50 +00:00
parent 0045f40831
commit dbf2f44e9b
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
org.springframework.web.servlet/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2010 the original author or authors. * Copyright 2002-2011 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -18,7 +18,6 @@ package org.springframework.web.servlet.resource;
import java.io.IOException; import java.io.IOException;
import java.util.List; import java.util.List;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -76,7 +75,7 @@ public class ResourceHttpRequestHandler extends WebContentGenerator implements H
* for serving static resources. * for serving static resources.
*/ */
public void setLocations(List<Resource> locations) { public void setLocations(List<Resource> locations) {
Assert.notEmpty(locations, "Location list must not be empty"); Assert.notEmpty(locations, "Locations list must not be empty");
this.locations = locations; this.locations = locations;
} }
@ -174,14 +173,16 @@ public class ResourceHttpRequestHandler extends WebContentGenerator implements H
} }
/** /**
* Returns {@code true} if the given path is not a valid resource path. * Validates the given path: returns {@code true} if the given path is not a valid resource path.
* The default implementation rejects paths containing "WEB-INF" or "META-INF" as well as paths with * <p>The default implementation rejects paths containing "WEB-INF" or "META-INF" as well as paths
* relative paths ("../") that result in access of a parent directory. * with relative paths ("../") that result in access of a parent directory.
* @param path the path to validate
* @return {@code true} if the path has been recognized as invalid, {@code false} otherwise
*/ */
protected boolean isInvalidPath(String path) { protected boolean isInvalidPath(String path) {
return (path.contains("WEB-INF") || path.contains("META-INF") || StringUtils.cleanPath(path).startsWith("..")); return (path.contains("WEB-INF") || path.contains("META-INF") || StringUtils.cleanPath(path).startsWith(".."));
} }
/** /**
* Determine an appropriate media type for the given resource. * Determine an appropriate media type for the given resource.
* @param resource the resource to check * @param resource the resource to check

5
org.springframework.web.servlet/src/test/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandlerTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2010 the original author or authors. * Copyright 2002-2011 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -20,7 +20,6 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import static org.junit.Assert.*;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -32,6 +31,8 @@ import org.springframework.mock.web.MockServletContext;
import org.springframework.web.HttpRequestMethodNotSupportedException; import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.servlet.HandlerMapping; import org.springframework.web.servlet.HandlerMapping;
import static org.junit.Assert.*;
/** /**
* @author Keith Donald * @author Keith Donald
* @author Jeremy Grelle * @author Jeremy Grelle