1 package org.apache.maven.archiva.web.repository;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import org.apache.commons.lang.StringUtils;
23 import org.codehaus.plexus.util.FileUtils;
25 import javax.servlet.http.HttpServletRequest;
26 import javax.servlet.http.HttpServletRequestWrapper;
29 * PolicingServletRequest is for policing the incoming request for naughty bits, such as double slashes,
30 * or paths that include "/../" type syntax, or a query string. Stripping out all things that are
33 * @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
36 public class PolicingServletRequest
37 extends HttpServletRequestWrapper
38 implements HttpServletRequest
40 private String fixedPathInfo;
/**
 * Wraps the incoming request and captures a cleaned-up copy of its path info.
 *
 * The path info is read from the wrapped request once, here; a blank value
 * (null, empty or whitespace-only) is stored untouched, anything else is
 * passed through {@link FileUtils#normalize(String)} to collapse "/../" and
 * "///" style sequences.
 *
 * NOTE(review): plexus FileUtils.normalize is understood to return null when
 * the ".." segments climb above the root, so the stored value may be null for
 * a non-blank input. Confirm that every consumer of the stored path info
 * treats null as "reject" rather than as "no path".
 *
 * NOTE(review): this is string-level cleanup only. It should not be the sole
 * defence against path traversal; code that maps the path onto the file
 * system should still verify that the resolved location stays inside the
 * intended repository root.
 *
 * @param originalRequest the request being wrapped
 */
public PolicingServletRequest( HttpServletRequest originalRequest )
{
    super( originalRequest );

    final String requestedPathInfo = originalRequest.getPathInfo();

    // Blank path info is kept exactly as the container supplied it; only a
    // non-blank value goes through the security normalization.
    fixedPathInfo = StringUtils.isBlank( requestedPathInfo )
        ? requestedPathInfo
        : FileUtils.normalize( requestedPathInfo );
}
58 public String getPathInfo()
64 public String getQueryString()
66 // No query string allowed.