Author: darran.lofthouse(a)jboss.com Date: 2010-07-05 12:33:19 -0400 (Mon, 05 Jul 2010) New Revision: 12577 Modified: stack/native/branches/dlofthouse/JBWS-3070/modules/core/src/main/java/org/jboss/ws/core/server/WSDLRequestHandler.java Log: Added the fix Modified: stack/native/branches/dlofthouse/JBWS-3070/modules/core/src/main/java/org/jboss/ws/core/server/WSDLRequestHandler.java =================================================================== --- stack/native/branches/dlofthouse/JBWS-3070/modules/core/src/main/java/org/jboss/ws/core/server/WSDLRequestHandler.java 2010-07-05 16:29:27 UTC (rev 12576) +++ stack/native/branches/dlofthouse/JBWS-3070/modules/core/src/main/java/org/jboss/ws/core/server/WSDLRequestHandler.java 2010-07-05 16:33:19 UTC (rev 12577) @@ -205,25 +205,35 @@ String resParent = resPath.substring(0, resPath.lastIndexOf("/")); // replace parent traversal, results in resParent == null when successfully executed - while (orgLocation.startsWith("../") && resParent != null) + if (orgLocation.startsWith("../") && resParent != null) { - if (resParent.indexOf("/") > 0) + // replace parent traversal, results in resParent == null when successfully executed + while (orgLocation.startsWith("../") && resParent != null) { - resParent = resParent.substring(0, resParent.lastIndexOf("/")); - orgLocation = orgLocation.substring(3); - newResourcePath = resParent + "/" + orgLocation; + if (resParent.endsWith("..")) + { + newResourcePath = resParent + "/" + orgLocation; + resParent = null; + } + else if (resParent.indexOf("/") > 0) + { + resParent = resParent.substring(0, resParent.lastIndexOf("/")); + orgLocation = orgLocation.substring(3); + newResourcePath = resParent + "/" + orgLocation; + } + else + { + orgLocation = orgLocation.substring(3); + newResourcePath = orgLocation; + resParent = null; + } } - else - { - orgLocation = orgLocation.substring(3); - newResourcePath = orgLocation; - resParent = null; - } + } - - // no parent traversal happend - if(resParent!=null) - newResourcePath = resParent +"/"+ orgLocation; + else + { + newResourcePath = resParent + "/" + orgLocation; + } } String reqPath = reqURL.getPath();