[JBoss JIRA] Created: (EJBTHREE-728) Constructing relative path in PersistenceUnitDeploymen.start bogus for ../../foo.jar
4:14 a.m.
Constructing relative path in PersistenceUnitDeploymen.start bogus for ../../foo.jar
------------------------------------------------------------------------------------
Key: EJBTHREE-728
URL: http://jira.jboss.com/jira/browse/EJBTHREE-728
Project: EJB 3.0
Issue Type: Bug
Affects Versions: EJB 3.0 RC9 - FD
Reporter: Heiko W. Rupp
The following code in PersistenceUnitDeployment.start() tries to construct an absolute
path when given a relative URL
String base = di.getUrl().toString();
jar = jar.replaceAll("\\.\\./", "+");
int idx = jar.lastIndexOf('+');
jar = jar.substring(idx + 1);
for (int i = 0; i < idx + 1; i++)
{
int slash = base.lastIndexOf('/');
base = base.substring(0, slash + 1); // (1)
}
url = new URL(base + jar.substring(idx)); // (2)
This fails in 2 places:
1) Only the last component is chopped of. After this the statement is a noop, as the slash
found is always the trailing character of the String
2) The already 'corrected' jar is crippled when more than one ../ combination is
in the jar path
A fix can look like this:
{
int slash = base.lastIndexOf('/');
base = base.substring(0, slash ); // (1)
}
url = new URL(base + "/" +jar); // (2)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:16 a.m.
New subject: [JBoss JIRA] Updated: (EJBTHREE-728) Constructing relative path in PersistenceUnitDeploymen.start bogus for ../../foo.jar
[ http://jira.jboss.com/jira/browse/EJBTHREE-728?page=all ]
Heiko W. Rupp updated EJBTHREE-728:
-----------------------------------
Attachment: Test1.java
A simple Class to illustrate the issue.
Constructing relative path in PersistenceUnitDeploymen.start bogus
for ../../foo.jar
------------------------------------------------------------------------------------
Key: EJBTHREE-728
URL: http://jira.jboss.com/jira/browse/EJBTHREE-728
Project: EJB 3.0
Issue Type: Bug
Affects Versions: EJB 3.0 RC9 - FD
Reporter: Heiko W. Rupp
Attachments: Test1.java
The following code in PersistenceUnitDeployment.start() tries to construct an absolute
path when given a relative URL
String base = di.getUrl().toString();
jar = jar.replaceAll("\\.\\./", "+");
int idx = jar.lastIndexOf('+');
jar = jar.substring(idx + 1);
for (int i = 0; i < idx + 1; i++)
{
int slash = base.lastIndexOf('/');
base = base.substring(0, slash + 1); // (1)
}
url = new URL(base + jar.substring(idx)); // (2)
This fails in 2 places:
1) Only the last component is chopped of. After this the statement is a noop, as the
slash found is always the trailing character of the String
2) The already 'corrected' jar is crippled when more than one ../ combination is
in the jar path
A fix can look like this:
{
int slash = base.lastIndexOf('/');
base = base.substring(0, slash ); // (1)
}
url = new URL(base + "/" +jar); // (2)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6661
days inactive
6661
days old
1 comments
1 participants
participants (1)
-
Heiko W. Rupp (JIRA)