List of usage examples for org.springframework.util StringUtils cleanPath
public static String cleanPath(String path)
From source file:org.springframework.web.reactive.resource.ResourceWebHandler.java
/**
 * Decides whether a requested resource path must be rejected. By default a path is
 * rejected when:
 * <ul>
 * <li>it contains "WEB-INF" or "META-INF";
 * <li>it still contains "../" after a call to {@link StringUtils#cleanPath};
 * <li>it represents a {@link ResourceUtils#isUrl valid URL}, or would represent one
 * once the leading slash is removed, or starts with a "url:" prefix.
 * </ul>
 * <p><strong>Note:</strong> this method assumes that leading, duplicate '/' or control
 * characters (e.g. white space) have already been trimmed, so that the path starts
 * predictably with a single '/' or has none.
 * <p>The checks are plain substring tests on the path exactly as it is passed in.
 * NOTE(review): percent-encoded forms of these sequences are not decoded here, so
 * presumably the caller decodes and re-checks, and the resolver still verifies that the
 * resolved resource lies under an allowed location. Confirm against the caller.
 * @param path the path to validate
 * @return {@code true} if the path is invalid, {@code false} otherwise
 */
protected boolean isInvalidPath(String path) {
    if (logger.isTraceEnabled()) {
        logger.trace("Applying \"invalid path\" checks to path: " + path);
    }

    // Container-private directories must never be served as static resources.
    boolean touchesProtectedDir = path.contains("WEB-INF") || path.contains("META-INF");
    if (touchesProtectedDir) {
        if (logger.isTraceEnabled()) {
            logger.trace("Path contains \"WEB-INF\" or \"META-INF\".");
        }
        return true;
    }

    // A scheme separator means the path could be interpreted as a URL instead of a
    // location-relative path. Test it without its leading slash.
    if (path.contains(":/")) {
        String candidate = path;
        if (candidate.charAt(0) == '/') {
            candidate = candidate.substring(1);
        }
        boolean looksLikeUrl = ResourceUtils.isUrl(candidate) || candidate.startsWith("url:");
        if (looksLikeUrl) {
            if (logger.isTraceEnabled()) {
                logger.trace("Path represents URL or has \"url:\" prefix.");
            }
            return true;
        }
    }

    // Only normalize when there is something to normalize.
    if (!path.contains("..")) {
        return false;
    }
    // A "../" that survives normalization was not cancelled out by a preceding segment.
    String normalized = StringUtils.cleanPath(path);
    if (!normalized.contains("../")) {
        return false;
    }
    if (logger.isTraceEnabled()) {
        logger.trace("Path contains \"../\" after call to StringUtils#cleanPath.");
    }
    return true;
}
From source file:org.springframework.web.servlet.support.AbstractFlashMapManager.java
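/**
 * Decodes the given path and, when it is relative, resolves it against the directory
 * part of the current request URI.
 *
 * <p>A {@code null} or empty path is returned unchanged. Without the emptiness check,
 * {@code charAt(0)} on an empty string throws {@link StringIndexOutOfBoundsException}.
 *
 * <p>Only relative paths pass through {@link StringUtils#cleanPath}. A path that already
 * starts with '/' is returned as decoded, with any "." or ".." segments left in place.
 * {@code cleanPath} is used here as normalization, not as validation: "../" segments it
 * cannot resolve stay in the result. Callers that need containment must check it
 * themselves.
 *
 * @param path the path to decode and normalize, may be {@code null}
 * @param request the current request, used for decoding and as the base of relative paths
 * @return the decoded (and, for relative input, normalized) path, or {@code null} if
 * {@code path} was {@code null}
 */
@Nullable
private String decodeAndNormalizePath(@Nullable String path, HttpServletRequest request) {
    if (path == null || path.isEmpty()) {
        return path;
    }
    String decoded = getUrlPathHelper().decodeRequestString(request, path);
    // Re-check after decoding so charAt(0) is never applied to an empty string.
    if (decoded.isEmpty() || decoded.charAt(0) == '/') {
        return decoded;
    }
    // Relative path: prefix everything up to and including the last '/' of the request URI.
    String requestUri = getUrlPathHelper().getRequestUri(request);
    String baseDir = requestUri.substring(0, requestUri.lastIndexOf('/') + 1);
    return StringUtils.cleanPath(baseDir + decoded);
}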
From source file:org.springframework.web.servlet.support.DefaultFlashMapManager.java
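/**
 * Decodes the given path and, when it is relative, resolves it against the directory
 * part of the current request URI.
 *
 * <p>A {@code null} or empty path is returned unchanged. Without the emptiness check,
 * {@code charAt(0)} on an empty string throws {@link StringIndexOutOfBoundsException}.
 *
 * <p>Only relative paths pass through {@link StringUtils#cleanPath}. A path that already
 * starts with '/' is returned as decoded, with any "." or ".." segments left in place.
 * {@code cleanPath} is used here as normalization, not as validation: "../" segments it
 * cannot resolve stay in the result. Callers that need containment must check it
 * themselves.
 *
 * @param path the path to decode and normalize, may be {@code null}
 * @param request the current request, used for decoding and as the base of relative paths
 * @return the decoded (and, for relative input, normalized) path, or {@code null} if
 * {@code path} was {@code null}
 */
private String decodeAndNormalizePath(String path, HttpServletRequest request) {
    if (path == null || path.isEmpty()) {
        return path;
    }
    String decoded = this.urlPathHelper.decodeRequestString(request, path);
    // Re-check after decoding so charAt(0) is never applied to an empty string.
    if (decoded.isEmpty() || decoded.charAt(0) == '/') {
        return decoded;
    }
    // Relative path: prefix everything up to and including the last '/' of the request URI.
    String requestUri = this.urlPathHelper.getRequestUri(request);
    String baseDir = requestUri.substring(0, requestUri.lastIndexOf('/') + 1);
    return StringUtils.cleanPath(baseDir + decoded);
}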