W3C home > Mailing lists > Public > www-validator-cvs@w3.org > March 2005

2002/css-validator/org/w3c/css/util HTTPURL.java,1.12,1.13

From: Olivier Thereaux via cvs-syncmail <cvsmail@w3.org>
Date: Fri, 18 Mar 2005 08:38:01 +0000
To: www-validator-cvs@w3.org
Message-ID: <E1DCCzZ-00042t-QH@lionel-hutz.w3.org>

Update of /sources/public/2002/css-validator/org/w3c/css/util
In directory hutz:/tmp/cvs-serv14989

Modified Files:
	HTTPURL.java 
Log Message:
The previous patch might have been too lax - adding back a test for http 
(or https - see http://www.w3.org/Bugs/Public/show_bug.cgi?id=148 ) scheme, 
which should get us rid of the risk for file:// URIs to be accessible... 
(thanks bjoern!)


Index: HTTPURL.java
===================================================================
RCS file: /sources/public/2002/css-validator/org/w3c/css/util/HTTPURL.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- HTTPURL.java	18 Mar 2005 08:19:23 -0000	1.12
+++ HTTPURL.java	18 Mar 2005 08:37:59 -0000	1.13
@@ -152,6 +152,16 @@
 	if (Util.servlet) {
 	    int port = url.getPort();
 	    String protocol = url.getProtocol();
+	if (! ( 
+		("https".equalsIgnoreCase(protocol)) || ("http".equalsIgnoreCase(protocol))
+	   )  ) {		
+ 		System.err.println( "[WARNING] : someone is trying to get the file: "
+ 				    + url );
+ 		throw new FileNotFoundException("import " + url +
+ 						": Operation not permitted");
+ 	    }
+
+
 	}
 	
 	URLConnection urlC = url.openConnection();
Received on Friday, 18 March 2005 08:38:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:54:48 GMT