TokenList(String url) { StringTokenizer tknzr = new StringTokenizer(url, "/\\"); tokens = new String[tknzr.countTokens()]; rawTokens = new String[tknzr.countTokens()]; for (int i = 0; tknzr.hasMoreTokens(); i++) { rawTokens[i] = tknzr.nextToken(); tokens[i] = decode(rawTokens[i]); // Do not allow directory traversal if (tokens[i].equals("..")) { throw new IllegalArgumentException(url); } } }
TokenList(String url) { // to avoid a directory traversal vulnerability in Windows, treat '\\' as a path separator just like '/' StringTokenizer tknzr = new StringTokenizer(url,"/\\"); final int tokenCount = tknzr.countTokens(); tokens = new String[tokenCount]; rawTokens = new String[tokenCount]; for(int i=0; tknzr.hasMoreTokens(); i++) { rawTokens[i] = tknzr.nextToken(); tokens[i] = decode(rawTokens[i]); if (tokens[i].equals("..")) throw new IllegalArgumentException(url); } endsWithSlash = url.endsWith("/") || url.endsWith("\\"); }
TokenList(String url) { // to avoid a directory traversal vulnerability in Windows, treat '\\' as a path separator just like '/' StringTokenizer tknzr = new StringTokenizer(url,"/\\"); final int tokenCount = tknzr.countTokens(); tokens = new String[tokenCount]; rawTokens = new String[tokenCount]; for(int i=0; tknzr.hasMoreTokens(); i++) { rawTokens[i] = tknzr.nextToken(); tokens[i] = decode(rawTokens[i]); if (tokens[i].equals("..")) throw new IllegalArgumentException(url); } endsWithSlash = url.endsWith("/") || url.endsWith("\\"); }
c.put(axis,TokenList.decode(v.getName()));
c.put(axis,TokenList.decode(v.getName()));
c.put(axis, TokenList.decode(v.getName()));
c.put(axis,TokenList.decode(v.getName()));
c.put(axis,TokenList.decode(v.getName()));