From 4682e6381ff9a98ffa850026622640c35df67c5e Mon Sep 17 00:00:00 2001 From: Lachlan Roberts Date: Fri, 15 Oct 2021 12:01:35 +1100 Subject: [PATCH] Issue #6497 - add warnings for alias checker deprecations Signed-off-by: Lachlan Roberts --- .../org/eclipse/jetty/server/SameFileAliasChecker.java | 10 ++++++++++ .../eclipse/jetty/server/handler/ContextHandler.java | 5 +++++ 2 files changed, 15 insertions(+) diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/SameFileAliasChecker.java b/jetty-server/src/main/java/org/eclipse/jetty/server/SameFileAliasChecker.java index 8185766d46e..a79f2f950ea 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/SameFileAliasChecker.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/SameFileAliasChecker.java @@ -13,6 +13,7 @@ package org.eclipse.jetty.server; +import java.io.File; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; @@ -46,9 +47,18 @@ public class SameFileAliasChecker implements AliasCheck { private static final Logger LOG = LoggerFactory.getLogger(SameFileAliasChecker.class); + public SameFileAliasChecker() + { + LOG.warn("SameFileAliasChecker is deprecated"); + } + @Override public boolean check(String pathInContext, Resource resource) { + // Do not allow any file separation characters in the URI. + if (File.separatorChar != '/' && pathInContext.indexOf(File.separatorChar) >= 0) + return false; + // Only support PathResource alias checking if (!(resource instanceof PathResource)) return false; diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java index b95ad58cfee..3094af56edd 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java @@ -3041,6 +3041,11 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu @Deprecated public static class ApproveAliases implements AliasCheck { + public ApproveAliases() + { + LOG.warn("ApproveAliases is deprecated"); + } + @Override public boolean check(String pathInContext, Resource resource) {