Skip to content

Commit 77c8aa5

Browse files
committed
Allow relative paths within resource location path
Prior to this change, location paths used for resource handling would not allow "non-cleaned, relative paths" such as `file://home/user/static/../static/`. When checking if the resolved resource's path starts with the location path, a mismatch would happen when comparing for example: * the location `file://home/user/static/../static/` * and the resource `file://home/user/static/resource.txt` This commit cleans the location path before comparing it to the resource path. Issue: SPR-12624
1 parent bb5da15 commit 77c8aa5

File tree

2 files changed

+16
-6
lines changed

2 files changed

+16
-6
lines changed

spring-webmvc/src/main/java/org/springframework/web/servlet/resource/PathResourceResolver.java

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2002-2014 the original author or authors.
2+
* Copyright 2002-2015 the original author or authors.
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
2525
import org.springframework.core.io.ClassPathResource;
2626
import org.springframework.core.io.Resource;
2727
import org.springframework.core.io.UrlResource;
28+
import org.springframework.util.StringUtils;
2829
import org.springframework.web.context.support.ServletContextResource;
2930

3031
/**
@@ -164,19 +165,19 @@ private boolean isResourceUnderLocation(Resource resource, Resource location) th
164165
String locationPath;
165166
if (resource instanceof UrlResource) {
166167
resourcePath = resource.getURL().toExternalForm();
167-
locationPath = location.getURL().toExternalForm();
168+
locationPath = StringUtils.cleanPath(location.getURL().toString());
168169
}
169170
else if (resource instanceof ClassPathResource) {
170171
resourcePath = ((ClassPathResource) resource).getPath();
171-
locationPath = ((ClassPathResource) location).getPath();
172+
locationPath = StringUtils.cleanPath(((ClassPathResource) location).getPath());
172173
}
173174
else if (resource instanceof ServletContextResource) {
174175
resourcePath = ((ServletContextResource) resource).getPath();
175-
locationPath = ((ServletContextResource) location).getPath();
176+
locationPath = StringUtils.cleanPath(((ServletContextResource) location).getPath());
176177
}
177178
else {
178179
resourcePath = resource.getURL().getPath();
179-
locationPath = location.getURL().getPath();
180+
locationPath = StringUtils.cleanPath(location.getURL().getPath());
180181
}
181182
locationPath = (locationPath.endsWith("/") || locationPath.isEmpty() ? locationPath : locationPath + "/");
182183
if (!resourcePath.startsWith(locationPath)) {

spring-webmvc/src/test/java/org/springframework/web/servlet/resource/PathResourceResolverTests.java

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2002-2014 the original author or authors.
2+
* Copyright 2002-2015 the original author or authors.
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -108,4 +108,13 @@ public void checkServletContextResource() throws Exception {
108108
assertTrue(this.resolver.checkResource(resource, servletContextLocation));
109109
}
110110

111+
// SPR-12624
112+
@Test
113+
public void checkRelativeLocation() throws Exception {
114+
String locationUrl= new UrlResource(getClass().getResource("./test/")).getURL().toExternalForm();
115+
Resource location = new UrlResource(locationUrl.replace("/springframework","/../org/springframework"));
116+
117+
assertNotNull(this.resolver.resolveResource(null, "main.css", Arrays.asList(location), null));
118+
}
119+
111120
}

0 commit comments

Comments
 (0)