Alternate fix for #6497

Signed-off-by: Greg Wilkins <gregw@webtide.com>
jetty · Aug 30, 2021 · 48880c6 · 48880c6
1 parent 497687d
commit 48880c6
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/AllowedResourceAliasChecker.java b/jetty-server/src/main/java/org/eclipse/jetty/server/AllowedResourceAliasChecker.java
@@ -111,17 +111,17 @@ public boolean check(String pathInContext, Resource resource)
         }
     }
 
-    protected boolean check(String pathInContext, Path path) throws Exception
+    protected boolean check(String pathInContext, Path path)
     {
         // Allow any aliases (symlinks, 8.3, casing, etc.) so long as
         // the resulting real file is allowed.
-        return isAllowed(path.toRealPath(FOLLOW_LINKS));
+        return isAllowed(getRealPath(path));
     }
 
     protected boolean isAllowed(Path path)
     {
         // If the resource doesn't exist we cannot determine whether it is protected so we assume it is.
-        if (Files.exists(path))
+        if (path != null && Files.exists(path))
         {
             // Walk the path parent links looking for the base resource, but failing if any steps are protected
             while (path != null)