W3C home > Mailing lists > Public > www-jigsaw@w3.org > July to August 1996

aDmin vs Admin, a fix

From: Anselm Baird-Smith <abaird@w3.org>
Date: Fri, 9 Aug 1996 17:58:09 +0500
Message-Id: <9608092158.AA02243@www18.w3.org>
To: jeff@macalot.com (Jeff Dripps)
Cc: www-jigsaw@w3.org

Jeff Dripps writes:
 > >Jeff Dripps writes:
 > The Mac file system is not case sensitive and File.list() does return the
 > exact file name, i.e., aDmin or Admin etc, and yes you should be able on
 > Mac to look at the File.list() to determine an exact name match to resource
 > so fix for Win* and Mac should be the same.
 > 

Find enclosed the 'createDefaultResource' DirectoryResource method,
that fixes the security problem of Jigsaw on non-case-sensitive file
systems. Ity's pretty obvious, and the slow-down will affect only a
small portion of the requests...

Anselm.
BTW: I haven't tried it on Win, but on solaris it works ;-)
BTW2: change getFileSystemSensitivity with whatever is appropriate (it
my Jigsaw version, it's a property settable through /Admin/Properties)

    public synchronized HTTPResource createDefaultResource(String name) {
	// Don't automagically create resources of name '..' or '.'
	if (name.equals("..") || name.equals("."))
	    return null ;
	// Is there a file with such a name ?
	File file = new File(getDirectory(), name) ;
	if ( ! file.exists() )
	    return null ;
	// If the file system is not case sensitive, emulate it :-(
	if ( ! getServer().getFileSystemSensitivity() ) {
	    File directory = getDirectory();
	    if ( directory == null )
		return null;
	    String  files[] = directory.list();
	    boolean found   = false;
	    for (int i = 0 ; i < files.length ; i++) {
		if (found = files[i].equals(name))
		    break;
	    }
	    if ( ! found )
		return null;
	}
	// Try building a default resource for it:
	ResourceIndexer indexer = getServer().getIndexer() ;
	// Prepare a set of default parameters for the resource:
	acquireChildren() ;
	Hashtable defs = new Hashtable(10) ;
	defs.put("parent", this);
	defs.put("resource-store", children) ;
	defs.put("server", getServer()) ;
	defs.put("url", getURL() + name);
	// Try to get the indexer to create the resource:
	HTTPResource resource = indexer.createResource(getDirectory()
						       , name
						       , defs) ;
	if ( resource != null ) {
	    // Register this child in our store:
	    children.addResource(resource) ;
	    // Update or create any relevant negotiable resource:
	    if ( getNegotiableFlag() ) 
		updateNegotiableResource(name) ;
	    markModified() ;
	}
	return resource ;
    }
Received on Friday, 9 August 1996 17:58:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 9 April 2012 12:13:25 GMT