Merge branch 'jetty-7' into jetty-8

Jesse McConnell 2013-01-25 15:24:41 -06:00
commit d8a3b76862
2 changed files with 40 additions and 4 deletions


@ -24,6 +24,7 @@ import java.io.FileInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.ObjectInputStream; import java.io.ObjectInputStream;
import java.net.URI;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Iterator; import java.util.Iterator;
import java.util.Map; import java.util.Map;
@ -436,9 +437,9 @@ public class HashSessionManager extends AbstractSessionManager
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
public void setStoreDirectory (File dir) public void setStoreDirectory (File dir) throws IOException
{ {
_storeDir=dir; _storeDir=dir.getCanonicalFile();
} }
/* ------------------------------------------------------------ */ /* ------------------------------------------------------------ */
@ -498,6 +499,7 @@ public class HashSessionManager extends AbstractSessionManager
protected synchronized HashedSession restoreSession(String idInCuster) protected synchronized HashedSession restoreSession(String idInCuster)
{ {
File file = new File(_storeDir,idInCuster); File file = new File(_storeDir,idInCuster);
FileInputStream in = null; FileInputStream in = null;
Exception error = null; Exception error = null;
try try
@ -522,14 +524,16 @@ public class HashSessionManager extends AbstractSessionManager
if (error != null) if (error != null)
{ {
if (isDeleteUnrestorableSessions() && file.exists()) if (isDeleteUnrestorableSessions() && file.exists() && file.getParentFile().equals(_storeDir) )
{ {
file.delete(); file.delete();
__log.warn("Deleting file for unrestorable session "+idInCuster, error); __log.warn("Deleting file for unrestorable session "+idInCuster, error);
} }
else else
{
__log.warn("Problem restoring session "+idInCuster, error); __log.warn("Problem restoring session "+idInCuster, error);
} }
}
else else
file.delete(); //delete successfully restored file file.delete(); //delete successfully restored file
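Review bot: The new `file.getParentFile().equals(_storeDir)` condition in restoreSession guards only the delete of an unrestorable file. The `else file.delete(); //delete successfully restored file` branch at the end of this hunk has no such check, and the file built by `new File(_storeDir,idInCuster)` is still opened before either branch is reached (the read is outside the hunk, presumably through the imported ObjectInputStream). A session id that resolves outside the store directory can therefore still be read and, if it restores cleanly, removed. Checking once directly after the `File file = ...` line, for example `if (!_storeDir.equals(file.getParentFile())) return null;`, would cover the read and both deletes. Whether `null` is the right failure value depends on the part of restoreSession not shown here.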


@ -0,0 +1,32 @@
package org.eclipse.jetty.server.session;
import java.io.File;
import junit.framework.Assert;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.junit.Test;
public class HashSessionManagerTest
{
@Test
public void testDangerousSessionId() throws Exception
{
final HashSessionManager manager = new HashSessionManager();
manager.setDeleteUnrestorableSessions(true);
manager.setLazyLoad(true);
File testDir = MavenTestingUtils.getTargetTestingDir("hashes");
testDir.mkdirs();
manager.setStoreDirectory(testDir);
MavenTestingUtils.getTargetFile("dangerFile.session").createNewFile();
Assert.assertTrue("File should exist!", MavenTestingUtils.getTargetFile("dangerFile.session").exists());
manager.getSession("../../dangerFile.session");
Assert.assertTrue("File should exist!", MavenTestingUtils.getTargetFile("dangerFile.session").exists());
}
}
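Review bot: testDangerousSessionId asserts only that the file outside the store directory survives, so it does not show that an unrestorable file inside the store directory is still deleted, and it ignores what `manager.getSession("../../dangerFile.session")` returns. A companion case that creates an empty file directly under `testDir`, calls `getSession` with its name and asserts the file is gone would pin the other side of the new parent-directory check. The test also depends on `../../` from `getTargetTestingDir("hashes")` landing in the directory that `getTargetFile` uses; if the layout differs, the final assertion passes without exercising the guard, so asserting that `new File(testDir,"../../dangerFile.session").getCanonicalFile()` equals the target file would make that explicit. The results of `testDir.mkdirs()` and `createNewFile()` are unchecked, and `junit.framework.Assert` is the JUnit 3 class where `org.junit.Assert` would match the `org.junit.Test` import.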