Task #27 — Doc: RESTRICT_PATH must be canonicalPathAttached to Project — Jsp File Browser
Opened by Margaret Leber (MaggieL) - 18 Sep 2006
|Task Type||Feature Request||Severity||Medium|
|Category||Access restriction||Reported Version||1.2|
|Status||Unconfirmed||Due in Version||Undecided|
|Assigned To||No-one||Percent Complete|
private static final boolean RESTRICT_BROWSING = true;
private static final boolean RESTRICT_WHITELIST = true;
private static final String RESTRICT_PATH = "/work";
You are not allowed to access /work
I looked at isAllowed()...using getCanonicalPath() there could be a problem in situations where you don't want to expose the full pathname to a directory for security reasons and/or have symlinks in a UNIX filesystem.
It happens that in my case /work is a symlink to a place 'way deeper in the filesystem, and of course that's what getCanonicalPath() returns. If I use that full pathname in RESTRICT_PATH everything works fine.
This might be worth a mention in the README if using getPath() rather than getCanonicalPath() is a problem...which on very brief reflection I can see how it might be.