using the include directive fails when referencing the Parent path when the Context is set directly to the WAR file, yet succeeds when accessing the unpacked WAR directories. This Context fails: <Context path="/ServerTest" docBase="ServerTest.war" debug="0" privileged="true" /> but expanding the war and setting this context succeeds <Context path="/ServerTest" docBase="ServerTest" debug="0" privileged="true" /> the test files were setup as such: (the WAR will be attached) /inc.htm /testdir/DotDotInclude.jsp where DotDotInclude.jsp has a tag <%@ include file="../inc.htm"%> Hacking at the source code for jasper2 revealed that when the call was made to JSPCompilationContext.getResourceAsStream(String res) res = "/testdir/../inc.htm" The returned java.io.InputStream was null if the WAR was the Context docBase, and not null if referencing the directory.
Created attachment 2301 [details] Test WAR to duplicate the problem
I believe it is also the case that the bug manifests itself with any relative path reference, not merely a reference to a parent path. For example, the directive: <%@ include file="./inc.htm"%> Will also generate a "not found" error
It seems that ZIP format accepts directory paths such as /dir/../testfile.htm as a valid entry and stores the file as so. Assumming that is a correct implementation, the parent directory and current directory notation should be dealt with Prior to requesting the file from the ZipFile. Since other DirContext's may handle relative paths, (FileDirContext does) I patched org.apache.naming.resources.WARDirContext.java, resolving the relative paths before retrieval. --- WARDirContext.old 2002-07-13 06:04:37.000000000 -0400 +++ WARDirContext.java 2002-07-13 06:30:59.000000000 -0400 @@ -246,6 +246,7 @@ throws NamingException { if (name.isEmpty()) return this; + name = handleRelativePaths(name); //removes Dot and DotDot notation Entry entry = treeLookup(name); if (entry == null) throw new NamingException @@ -772,6 +773,35 @@ } + /** + * Handle Relative file path markers such as .. and . + * Assumes that the name will begin "/" and will maintain this + */ + protected static Name handleRelativePaths(Name BaseName) + throws NamingException { + boolean hasChanged = true; + Name name = BaseName.getSuffix(0); //creating a new name, so as not to modify the old + while(hasChanged) { + hasChanged = false; + for(int i = 0; i < name.size(); i++) { + //remove any Dot Dot notation, if it's not the root + if( name.get(i).equals("..") && i > 1) { //will not handle the case "/.." . let current system handle situation + name.remove(i); + name.remove(i - 1); + hasChanged = true; + break; //start over + } + + //removes any Single Dot notation + if( name.get(i).equals(".") ) { + name.remove(i); + hasChanged = true; + break; //start over + } + } + } + return name; + } /** * Constructs a tree of the entries contained in a WAR file. --- file end ----
Created attachment 2346 [details] Patch for WARDirContext.java to resolve relative path issues
Fixing this bug is particularly important when using Tomcat with JBoss, as JBoss currently (3.0.0) does not provide a way to unpack the WARs.
This should be resolved in Jasper (and a canonical path should be passed to the getResource method IMO). This should be fixed in Tomcat 4.1.8. *** This bug has been marked as a duplicate of 10711 ***
This bug has been marked as a duplicate of 10711, which has been marked as RESOLVED FIXED; however it seems to me that the fix for 10711 only addresses the issue of an included JSP file, not an HTML or text file. Isn't a change to getResourceAsStream and getResource needed? (Or to WARDirContext?)
Andrew Harris was correct in that the fix for 10711 did not fix the problem for includes of files with extensions other than *.jsp. Here is a patch that solves the problem within the JspCompilationContext.java. If the getResource method should already be recieving a canonical name, as Remy suggests, then maybe a utility class is needed for relative path resolution, instead of duplicating the canonicalURI method to multiple locations. --- JspCompilationContext.old 2002-07-24 02:12:00.000000000 -0400 +++ JspCompilationContext.java 2002-07-24 04:18:17.000000000 -0400 @@ -227,12 +227,12 @@ * as an InputStream. */ public java.io.InputStream getResourceAsStream(String res) { - return context.getResourceAsStream(res); + return context.getResourceAsStream(canonicalURI(res)); } public URL getResource(String res) throws MalformedURLException { - return context.getResource(res); + return context.getResource(canonicalURI(res)); } /**
I've applied the patch.
*** Bug 11802 has been marked as a duplicate of this bug. ***
This bug still exists in tomcat version - 4.1.12.
Don't reopen the same bug many times. *** This bug has been marked as a duplicate of 13583 ***