merge from jetty-8
This commit is contained in:
Jesse McConnell
commit
a7c074a86c
|
|
@ -24,6 +24,7 @@ import java.io.FileInputStream;
|
|||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.net.URI;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Iterator;
|
||||
import java.util.Map;
|
||||
|
|
@ -466,9 +467,9 @@ public class HashSessionManager extends AbstractSessionManager
|
|||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
public void setStoreDirectory (File dir)
|
||||
public void setStoreDirectory (File dir) throws IOException
|
||||
{
|
||||
_storeDir=dir;
|
||||
_storeDir=dir.getCanonicalFile();
|
||||
}
|
||||
|
||||
/* ------------------------------------------------------------ */
|
||||
|
|
@ -528,6 +529,7 @@ public class HashSessionManager extends AbstractSessionManager
|
|||
protected synchronized HashedSession restoreSession(String idInCuster)
|
||||
{
|
||||
File file = new File(_storeDir,idInCuster);
|
||||
|
||||
FileInputStream in = null;
|
||||
Exception error = null;
|
||||
try
|
||||
|
|
@ -552,13 +554,15 @@ public class HashSessionManager extends AbstractSessionManager
|
|||
|
||||
if (error != null)
|
||||
{
|
||||
if (isDeleteUnrestorableSessions() && file.exists())
|
||||
if (isDeleteUnrestorableSessions() && file.exists() && file.getParentFile().equals(_storeDir) )
|
||||
{
|
||||
file.delete();
|
||||
LOG.warn("Deleting file for unrestorable session "+idInCuster, error);
|
||||
}
|
||||
else
|
||||
LOG.warn("Problem restoring session "+idInCuster, error);
|
||||
{
|
||||
__log.warn("Problem restoring session "+idInCuster, error);
|
||||
}
|
||||
}
|
||||
else
|
||||
file.delete(); //delete successfully restored file
|
||||
|
|
|
|||
|
|
@ -0,0 +1,50 @@
|
|||
//
|
||||
// ========================================================================
|
||||
// Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
|
||||
// ------------------------------------------------------------------------
|
||||
// All rights reserved. This program and the accompanying materials
|
||||
// are made available under the terms of the Eclipse Public License v1.0
|
||||
// and Apache License v2.0 which accompanies this distribution.
|
||||
//
|
||||
// The Eclipse Public License is available at
|
||||
// http://www.eclipse.org/legal/epl-v10.html
|
||||
//
|
||||
// The Apache License v2.0 is available at
|
||||
// http://www.opensource.org/licenses/apache2.0.php
|
||||
//
|
||||
// You may elect to redistribute this code under either of these licenses.
|
||||
// ========================================================================
|
||||
//
|
||||
|
||||
package org.eclipse.jetty.server.session;
|
||||
|
||||
import java.io.File;
|
||||
|
||||
import junit.framework.Assert;
|
||||
|
||||
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
|
||||
import org.junit.Test;
|
||||
|
||||
public class HashSessionManagerTest
|
||||
{
|
||||
|
||||
@Test
|
||||
public void testDangerousSessionId() throws Exception
|
||||
{
|
||||
final HashSessionManager manager = new HashSessionManager();
|
||||
manager.setDeleteUnrestorableSessions(true);
|
||||
manager.setLazyLoad(true);
|
||||
File testDir = MavenTestingUtils.getTargetTestingDir("hashes");
|
||||
testDir.mkdirs();
|
||||
manager.setStoreDirectory(testDir);
|
||||
|
||||
MavenTestingUtils.getTargetFile("dangerFile.session").createNewFile();
|
||||
|
||||
Assert.assertTrue("File should exist!", MavenTestingUtils.getTargetFile("dangerFile.session").exists());
|
||||
|
||||
manager.getSession("../../dangerFile.session");
|
||||
|
||||
Assert.assertTrue("File should exist!", MavenTestingUtils.getTargetFile("dangerFile.session").exists());
|
||||
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue