opendev/gerrit
Code Issues Proposed changes

Fix attempts to access plugins/<plugin-name>

Browse Source 
The URI here was the same length as the context, thus incrementing
the context by 1 and trying to use that as an index into the URI
was resulting in an index error.

Fixed this way we disallow a plugin from serving content on this
page. If we want to allow it this fix needs to change.

Change-Id: I6c26584f46c8049fe3786018d9a09c1612e6a1c2
This commit is contained in:
Nasser Grainawi
2012-06-14 21:25:07 -07:00
committed by Shawn O. Pearce
parent cca7a0eb0b
commit 23bb0df05c
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
gerrit-httpd/src/main/java/com/google/gerrit/httpd/plugins/HttpPluginServlet.java
View File

@@ -218,8 +218,12 @@ class HttpPluginServlet extends HttpServlet
String uri = req.getRequestURI();
String ctx = req.getContextPath();
String file = uri.substring(ctx.length() + 1);
if (uri.length() <= ctx.length()) {
Resource.NOT_FOUND.send(req, res);
return;
}
String file = uri.substring(ctx.length() + 1);
ResourceKey key = new ResourceKey(holder.plugin, file);
Resource rsc = resourceCache.getIfPresent(key);
if (rsc != null) {