Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hotfix 6.0.x sup 16004 #230

Merged
merged 3 commits into from
Mar 26, 2024
Merged

Hotfix 6.0.x sup 16004 #230

merged 3 commits into from
Mar 26, 2024

Conversation

plyhun
Copy link
Contributor

@plyhun plyhun commented Mar 21, 2024

No description provided.

@plyhun plyhun requested a review from npomaroli March 21, 2024 10:32
@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

Serhii Plyhun seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

1 similar comment
@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

Serhii Plyhun seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

plyhun
plyhun commented Mar 21, 2024
View reviewed changes
...c/main/java/com/gentics/contentnode/servlets/SelectedSymlinkAllowedResourceAliasChecker.java
* An extension of {@link AllowedResourceAliasChecker} which will allow symlinks alias to arbitrary
* targets, if the path is in the whitelist.
*/
public class SelectedSymlinkAllowedResourceAliasChecker extends AllowedResourceAliasChecker
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here we cannot reuse an existing SymlinkAllowedResourceAliasChecker for two reasons.

  1. It is enabled by default, thus - useless.
  2. It is useless, because of its ultimate dependency on a base webroot, which is set to /webroot, which is based on an application classpath root, and not the root we set in the distinct handler.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NB: Fresher Jetty version extends the possibility of AliasCheckers, though it requires a refactoring / overall stability check.
jetty/jetty.project#8259

npomaroli
npomaroli requested changes Mar 22, 2024
View reviewed changes
Copy link
Member

@npomaroli npomaroli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested with the example setup of the ticket and it did not work (static file from symlinked package is not availalbe).

@plyhun
Copy link
Contributor Author

plyhun commented Mar 22, 2024

Tested with the example setup of the ticket and it did not work (static file from symlinked package is not availalbe).

I was able to replicate the issue on a local setup. Will re-check with the provided docker environment as well.

@plyhun plyhun requested a review from npomaroli March 25, 2024 13:35
@npomaroli npomaroli merged commit d3052e7 into hotfix-6.0.x Mar 26, 2024
1 check was pending
@npomaroli npomaroli deleted the hotfix-6.0.x-sup-16004 branch March 26, 2024 13:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@npomaroli npomaroli npomaroli approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@plyhun @CLAassistant @npomaroli