stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge

Browse Source
This commit is contained in:
Bradford Wetmore 2008-05-11 00:26:16 -07:00
commit 3cedab2ac5
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
jdk/src/share/classes/sun/misc/URLClassPath.java
View File

@ -961,6 +961,7 @@ public class URLClassPath {
* from a file URL that refers to a directory.
*/
private static class FileLoader extends Loader {
/* Canonicalized File */
private File dir;
FileLoader(URL url) throws IOException {
@ -970,7 +971,7 @@ public class URLClassPath {
}
String path = url.getFile().replace('/', File.separatorChar);
path = ParseUtil.decode(path);
dir = new File(path);
dir = (new File(path)).getCanonicalFile();
}
/*
@ -997,8 +998,19 @@ public class URLClassPath {
if (check)
URLClassPath.check(url);
final File file =
new File(dir, name.replace('/', File.separatorChar));
final File file;
if (name.indexOf("..") != -1) {
file = (new File(dir, name.replace('/', File.separatorChar)))
.getCanonicalFile();
if ( !((file.getPath()).startsWith(dir.getPath())) ) {
/* outside of base dir */
return null;
}
} else {
file = new File(dir, name.replace('/', File.separatorChar));
}
if (file.exists()) {
return new Resource() {
public String getName() { return name; };