- From: Olivier Thereaux via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 18 Mar 2005 08:38:01 +0000
- To: www-validator-cvs@w3.org
Update of /sources/public/2002/css-validator/org/w3c/css/util
In directory hutz:/tmp/cvs-serv14989
Modified Files:
HTTPURL.java
Log Message:
The previous patch might have been too lax - adding back a test for http
(or https - see http://www.w3.org/Bugs/Public/show_bug.cgi?id=148 ) scheme,
which should get us rid of the risk for file:// URIs to be accessible...
(thanks bjoern!)
Index: HTTPURL.java
===================================================================
RCS file: /sources/public/2002/css-validator/org/w3c/css/util/HTTPURL.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- HTTPURL.java 18 Mar 2005 08:19:23 -0000 1.12
+++ HTTPURL.java 18 Mar 2005 08:37:59 -0000 1.13
@@ -152,6 +152,16 @@
if (Util.servlet) {
int port = url.getPort();
String protocol = url.getProtocol();
+ if (! (
+ ("https".equalsIgnoreCase(protocol)) || ("http".equalsIgnoreCase(protocol))
+ ) ) {
+ System.err.println( "[WARNING] : someone is trying to get the file: "
+ + url );
+ throw new FileNotFoundException("import " + url +
+ ": Operation not permitted");
+ }
+
+
}
URLConnection urlC = url.openConnection();
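Review bot: the warning in the added `System.err.println` reads "someone is trying to get the file:", but the branch fires for every scheme other than http and https, not only file:, and it writes the caller-supplied `url` to the log as-is. Suggest wording it as a rejected scheme, logging `protocol` explicitly, and escaping the URL before it goes to stderr so that a crafted value cannot produce misleading log lines. Throwing `FileNotFoundException` with "Operation not permitted" also makes a policy refusal look like a missing resource to any caller that catches it; a distinct message or exception type would keep the two cases apart. The check sits inside `if (Util.servlet)`, so outside servlet mode any scheme still reaches `url.openConnection()`; if that is intended, a short comment saying so would help the next reader. The two trailing blank `+` lines can be dropped.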
Received on Friday, 18 March 2005 08:38:02 UTC