Task #27 — Doc: RESTRICT_PATH must be canonicalPath
Attached to Project — Jsp File Browser
Opened by Margaret Leber (MaggieL) - 18 Sep 2006
| Task Type | Feature Request | Severity | Medium |
|---|---|---|---|
| Category | Access restriction | Reported Version | 1.2 |
| Status | Unconfirmed | Due in Version | Undecided |
| Assigned To | No-one | Percent Complete | |
| Operating System | Linux | | |

Details

I set

```java
private static final boolean RESTRICT_BROWSING = true;
private static final boolean RESTRICT_WHITELIST = true;
private static final String RESTRICT_PATH = "/work";
```

and get

```
You are not allowed to access /work
```

I looked at isAllowed()... using getCanonicalPath() there could be a problem in situations where you don't want to expose the full pathname to a directory for security reasons and/or have symlinks in a UNIX filesystem.

It happens that in my case /work is a symlink to a place 'way deeper in the filesystem, and of course that's what getCanonicalPath() returns. If I use that full pathname in RESTRICT_PATH everything works fine.

This might be worth a mention in the README if using getPath() rather than getCanonicalPath() is a problem... which on very brief reflection I can see how it might be.
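An added example, not part of the original report and not the project's own code: a minimal Java sketch of the mismatch described above, where a canonicalized request path is compared against a restriction root that is a symlink. The class name, method names and temporary directory layout are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical demo class; none of these methods are the project's isAllowed().
public class RestrictPathDemo {
    // Prefix test on a directory boundary, so /work does not also match /workshop.
    static boolean isInside(String path, String root) {
        return path.equals(root) || path.startsWith(root + File.separator);
    }

    // Canonical request compared with the configured string exactly as written.
    static boolean literalRoot(File requested, String root) throws IOException {
        return isInside(requested.getCanonicalPath(), root);
    }

    // Configured root canonicalized too, so a symlinked root still matches.
    static boolean canonicalRoot(File requested, String root) throws IOException {
        return isInside(requested.getCanonicalPath(), new File(root).getCanonicalPath());
    }

    // getPath() on the request: ".." segments and symlinks are never resolved.
    static boolean rawPath(File requested, String root) {
        return isInside(requested.getPath(), root);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/srv/data/real is a directory, <tmp>/work links to it.
        Path tmp = Files.createTempDirectory("restrict-demo").toRealPath();
        Path real = Files.createDirectories(tmp.resolve("srv/data/real"));
        Path link = Files.createSymbolicLink(tmp.resolve("work"), real);
        Files.createFile(real.resolve("report.txt"));

        String restrictPath = link.toString(); // stands in for RESTRICT_PATH = "/work"
        File inside = new File(restrictPath, "report.txt");
        File dotDot = new File(restrictPath, "../outside.txt");

        System.out.println("literal root,   file in /work : " + literalRoot(inside, restrictPath));
        System.out.println("canonical root, file in /work : " + canonicalRoot(inside, restrictPath));
        System.out.println("canonical root, ../outside.txt: " + canonicalRoot(dotDot, restrictPath));
        System.out.println("getPath() only, ../outside.txt: " + rawPath(dotDot, restrictPath));
    }
}
```

The literal-root check rejects a file that really is under the symlinked directory, which is the symptom in the report; canonicalizing the configured root at comparison time accepts it while still rejecting the `..` request. The getPath()-only variant accepts that `..` request, which is why comparing canonical paths matters for the restriction.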