Improve static resource path check

rstoyanchev · jhoeller · commit fc37824bc08a · 2016-06-29T15:41:33.000+02:00
(cherry picked from commit 2697425)
diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2014 the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -281,7 +281,7 @@ protected boolean isInvalidPath(String path) {
 				return true;
 			}
 		}
-		if (path.contains("../")) {
+		if (path.contains("..")) {
 			path = StringUtils.cleanPath(path);
 			if (path.contains("../")) {
 				if (logger.isTraceEnabled()) {

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright 2002-2014 the original author or authors.`
	`2`	`+ * Copyright 2002-2016 the original author or authors.`
`3`	`3`	`*`
`4`	`4`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`5`	`5`	`* you may not use this file except in compliance with the License.`
`@@ -281,7 +281,7 @@ protected boolean isInvalidPath(String path) {`
`281`	`281`	`return true;`
`282`	`282`	`}`
`283`	`283`	`}`
`284`		`- if (path.contains("../")) {`
	`284`	`+ if (path.contains("..")) {`
`285`	`285`	`path = StringUtils.cleanPath(path);`
`286`	`286`	`if (path.contains("../")) {`
`287`	`287`	`if (logger.isTraceEnabled()) {`