/** * This method serves static resources in the plugin under {@code hudson/plugin/SHORTNAME}. */ public void doDynamic(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException { String path = req.getRestOfPath(); String pathUC = path.toUpperCase(Locale.ENGLISH); if (path.isEmpty() || path.contains("..") || path.startsWith(".") || path.contains("%") || pathUC.contains("META-INF") || pathUC.contains("WEB-INF") // ClassicPluginStrategy#explode produce that file to know if a new explosion is required or not || pathUC.equals("/.TIMESTAMP2") ) { LOGGER.warning("rejecting possibly malicious " + req.getRequestURIWithQueryString()); rsp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } // Stapler routes requests like the "/static/.../foo/bar/zot" to be treated like "/foo/bar/zot" // and this is used to serve long expiration header, by using Jenkins.VERSION_HASH as "..." // to create unique URLs. Recognize that and set a long expiration header. String requestPath = req.getRequestURI().substring(req.getContextPath().length()); boolean staticLink = requestPath.startsWith("/static/"); long expires = staticLink ? TimeUnit.DAYS.toMillis(365) : -1; // use serveLocalizedFile to support automatic locale selection rsp.serveLocalizedFile(req, new URL(wrapper.baseResourceURL, '.' + path), expires); }
/** * Exposes assets in the core classloader over HTTP. */ public void doDynamic(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException { String path = req.getRestOfPath(); URL resource = findResource(path); if (resource == null) { rsp.setStatus(HttpServletResponse.SC_NOT_FOUND); return; } // Stapler routes requests like the "/static/.../foo/bar/zot" to be treated like "/foo/bar/zot" // and this is used to serve long expiration header, by using Jenkins.VERSION_HASH as "..." // to create unique URLs. Recognize that and set a long expiration header. String requestPath = req.getRequestURI().substring(req.getContextPath().length()); boolean staticLink = requestPath.startsWith("/static/"); long expires = staticLink ? TimeUnit.DAYS.toMillis(365) : -1; // use serveLocalizedFile to support automatic locale selection rsp.serveLocalizedFile(req, resource, expires); }
/** {@inheritDoc} */ @Override public void serveLocalizedFile(StaplerRequest request, URL res) throws ServletException, IOException { getWrapped().serveLocalizedFile(request, res); }
/** {@inheritDoc} */ @Override public void serveLocalizedFile(StaplerRequest request, URL res, long expiration) throws ServletException, IOException { getWrapped().serveLocalizedFile(request, res, expiration); }
/** {@inheritDoc} */ @Override public void serveLocalizedFile(StaplerRequest request, URL res, long expiration) throws ServletException, IOException { getWrapped().serveLocalizedFile(request, res, expiration); }
/** {@inheritDoc} */ @Override public void serveLocalizedFile(StaplerRequest request, URL res) throws ServletException, IOException { getWrapped().serveLocalizedFile(request, res); }
/** * This method serves static resources in the plugin under <tt>hudson/plugin/SHORTNAME</tt>. */ public void doDynamic(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException { String path = req.getRestOfPath(); if(path.length()==0) path = "/"; if(path.indexOf("..")!=-1 || path.length()<1) { // don't serve anything other than files in the sub directory. rsp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } // use serveLocalizedFile to support automatic locale selection rsp.serveLocalizedFile(req, new URL(wrapper.baseResourceURL,'.'+path)); }
/** * This method serves static resources in the plugin under <tt>hudson/plugin/SHORTNAME</tt>. */ public void doDynamic(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException { String path = req.getRestOfPath(); if(path.length()==0) path = "/"; if(path.indexOf("..")!=-1 || path.length()<1) { // don't serve anything other than files in the sub directory. rsp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } // use serveLocalizedFile to support automatic locale selection rsp.serveLocalizedFile(req, new URL(wrapper.baseResourceURL,'.'+path)); }
/** * This method serves static resources in the plugin under <tt>hudson/plugin/SHORTNAME</tt>. */ public void doDynamic(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException { String path = req.getRestOfPath(); if(path.length()==0) path = "/"; if(path.indexOf("..")!=-1 || path.length()<1) { // don't serve anything other than files in the sub directory. rsp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } // use serveLocalizedFile to support automatic locale selection rsp.serveLocalizedFile(req, new URL(wrapper.baseResourceURL,'.'+path)); }
/** * This method serves static resources in the plugin under * <tt>hudson/plugin/SHORTNAME</tt>. */ public void doDynamic(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException, URISyntaxException { String path = req.getRestOfPath(); if (path.length() == 0) { path = "/"; } String requestPath = req.getRequestURI().substring(req.getContextPath().length()); boolean staticLink = requestPath.startsWith("/static/"); long expires = staticLink ? TimeUnit2.DAYS.toMillis(365) : -1; try { rsp.serveLocalizedFile(req, wrapper.baseResourceURL.toURI().resolve(new URI(null, '.' + path, null)).toURL(), expires); } catch (URISyntaxException x) { throw new IOException(x); } }
/** * This method serves static resources in the plugin under <tt>hudson/plugin/SHORTNAME</tt>. */ public void doDynamic(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException { String path = req.getRestOfPath(); if (path.startsWith("/META-INF/") || path.startsWith("/WEB-INF/")) { throw HttpResponses.notFound(); } if(path.length()==0) path = "/"; // Stapler routes requests like the "/static/.../foo/bar/zot" to be treated like "/foo/bar/zot" // and this is used to serve long expiration header, by using Jenkins.VERSION_HASH as "..." // to create unique URLs. Recognize that and set a long expiration header. String requestPath = req.getRequestURI().substring(req.getContextPath().length()); boolean staticLink = requestPath.startsWith("/static/"); long expires = staticLink ? TimeUnit.DAYS.toMillis(365) : -1; // use serveLocalizedFile to support automatic locale selection try { rsp.serveLocalizedFile(req, wrapper.baseResourceURL.toURI().resolve(new URI(null, '.' + path, null)).toURL(), expires); } catch (URISyntaxException x) { throw new IOException(x); } }
@Override public void doDynamic(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException { rsp.setHeader("Cache-Control", "public, s-maxage=86400"); if (wrapper == null) { super.doDynamic(req, rsp); return; } String path = req.getRestOfPath(); if (path.length() == 0) { path = "/"; } if (path.indexOf("..") != -1 || path.length() < 1) { // don't serve anything other than files in the sub directory. rsp.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } // use serveLocalizedFile to support automatic locale selection rsp.serveLocalizedFile(req, new URL(wrapper.baseResourceURL, '.' + path), 86400000); } }
/** * Exposes assets in the core classloader over HTTP. */ public void doDynamic(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException { String path = req.getRestOfPath(); URL resource = findResource(path); if (resource == null) { rsp.setStatus(HttpServletResponse.SC_NOT_FOUND); return; } // Stapler routes requests like the "/static/.../foo/bar/zot" to be treated like "/foo/bar/zot" // and this is used to serve long expiration header, by using Jenkins.VERSION_HASH as "..." // to create unique URLs. Recognize that and set a long expiration header. String requestPath = req.getRequestURI().substring(req.getContextPath().length()); boolean staticLink = requestPath.startsWith("/static/"); long expires = staticLink ? TimeUnit.DAYS.toMillis(365) : -1; // use serveLocalizedFile to support automatic locale selection rsp.serveLocalizedFile(req, resource, expires); }
/** * Dynamically handle the {@link StaplerRequest} * * @param request the {@link StaplerRequest} to handle * @param response the {@link StaplerResponse} to respond in * @throws IOException in case of IO errors * @throws ServletException in case of Servlet Errors */ public void doDynamic(StaplerRequest request, StaplerResponse response) throws IOException, ServletException { response.setHeader("Cache-Control", "public, s-maxage=86400"); if (JIRAPlugin.getPluginWrapper() == null) { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); return; } String path = request.getRestOfPath(); if (path.length() == 0) { path = "/"; } if (path.contains("..") || path.length() < 1) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); return; } response.serveLocalizedFile(request, new URL(JIRAPlugin.getPluginWrapper().baseResourceURL, '.' + path), 86400000); }