package org.xwiki.velocity.internal.util; |
import java.net.URI; |
import org.apache.velocity.app.event.IncludeEventHandler; |
import org.slf4j.Logger; |
import org.slf4j.LoggerFactory; |
@version |
@since |
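/**
 * Velocity include handler that confines {@code #parse}/{@code #include} targets to the
 * {@code /templates/} directory.
 * <p>
 * Every requested resource is resolved relative to {@link #BASE_TEMPLATE_DIRECTORY} and normalised; a
 * request whose normalised form no longer starts with that directory is logged and refused.
 */
public class RestrictParseLocationEventHandler implements IncludeEventHandler
{
    private static final Logger LOGGER = LoggerFactory.getLogger(RestrictParseLocationEventHandler.class);

    /** Only resources located under this prefix may be included. */
    private static final String BASE_TEMPLATE_DIRECTORY = "/templates/";

    /**
     * Maps the requested include path to a location under {@link #BASE_TEMPLATE_DIRECTORY}.
     *
     * @param includeResourcePath the path given to the include directive; it is appended to the base
     *        directory before normalisation, so a leading {@code /} does not make it absolute
     * @param currentResourcePath the template that contains the directive (used for tracing only)
     * @param directiveName the name of the directive that triggered the event (used for tracing only)
     * @return the normalised template path, or {@code null} to make Velocity block the include
     * @throws IllegalArgumentException if the combined path is not a syntactically valid URI reference
     *         (raised by {@link URI#create(String)}); the include is not resolved in that case either
     */
    @Override
    public String includeEvent(String includeResourcePath, String currentResourcePath,
        String directiveName)
    {
        LOGGER.trace("Velocity include event: include [{}] from [{}] using [{}]",
            new Object[] { includeResourcePath, currentResourcePath, directiveName });

        URI normalized = URI.create(BASE_TEMPLATE_DIRECTORY + includeResourcePath).normalize();
        String template = normalized.toString();

        // Dot-segments are collapsed by normalize(), so a path that climbed out of the base directory
        // no longer carries the prefix.
        boolean insideBaseDirectory = template.startsWith(BASE_TEMPLATE_DIRECTORY);

        // normalize() rewrites only the path component. A query or fragment would be carried into the
        // returned name untouched, so the prefix test alone says nothing about it. Template names have
        // no use for either, so such names are refused as well.
        boolean pathOnly = normalized.getRawQuery() == null && normalized.getRawFragment() == null;

        // NOTE(review): percent-encoded octets are not decoded by normalize(); this check relies on the
        // resource loader not decoding them either - confirm against the configured loader.
        if (!insideBaseDirectory || !pathOnly) {
            LOGGER.warn("Direct access to template file [{}] refused. Possible break-in attempt!", template);
            return null;
        }
        return template;
    }
}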