lxy/redkale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
Redkale
2017-07-19 10:51:17 +08:00
parent 414489da8e
commit 702220d18e
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/org/redkale/net/http/HttpRequest.java
View File

@@ -121,7 +121,6 @@ public class HttpRequest extends Request<HttpContext> {
} else { } else {
this.requestURI = array.toDecodeString(index, offset - index, charset).trim(); this.requestURI = array.toDecodeString(index, offset - index, charset).trim();
} }
if (this.requestURI.contains("../")) return -1;
index = ++offset; index = ++offset;
this.protocol = array.toString(index, array.size() - index, charset).trim(); this.protocol = array.toString(index, array.size() - index, charset).trim();
while (readLine(buffer, array)) { while (readLine(buffer, array)) {

5
src/org/redkale/net/http/HttpResourceServlet.java
View File

@@ -192,6 +192,11 @@ public class HttpResourceServlet extends HttpServlet {
@Override @Override
public void execute(HttpRequest request, HttpResponse response) throws IOException { public void execute(HttpRequest request, HttpResponse response) throws IOException {
String uri = request.getRequestURI(); String uri = request.getRequestURI();
if (uri.contains("../")) {
if (finest) logger.log(Level.FINEST, "Not found resource (404) be " + uri + ", request = " + request);
response.finish404();
return;
}
if (locationRewrites != null) { if (locationRewrites != null) {
for (SimpleEntry<Pattern, String> entry : locationRewrites) { for (SimpleEntry<Pattern, String> entry : locationRewrites) {
Matcher matcher = entry.getKey().matcher(uri); Matcher matcher = entry.getKey().matcher(uri);