RFR: 8157716: jdk.internal.loader.ClassLoaders.addURLToUCP() should return converted real path URL
Martin Buchholz
martinrb at google.com
Wed May 25 19:04:19 UTC 2016
Since canonicalization is an important part of this API, I suggest
renaming toFileURL to
toCanonicalFileURL by analogy with getCanonicalFile.
Also, I'm sure your security experts have already considered the
implications of following or not following symlinks when matching
user-provided paths ...
On Wed, May 25, 2016 at 11:55 AM, Jiangli Zhou <jiangli.zhou at oracle.com> wrote:
>
>> On May 25, 2016, at 11:43 AM, Alan Bateman <Alan.Bateman at oracle.com> wrote:
>>
>>
>>
>> On 25/05/2016 19:28, Jiangli Zhou wrote:
>>> Here is the updated webrev:
>>>
>>> http://cr.openjdk.java.net/~jiangli/8157716/webrev.01/
>> This patch changes long standing behavior in URLs to resources on the class path will no longer be URLs to the canonical file path. It's might be okay but it's impossible to know. I thought the first patch was okay, except for the typo that Martin pointed out.
>
> My mistake. I’ve re-updated the above webrev. Please refresh the link.
>
> Thanks,
> Jiangli
>
>>
>> -Alan
>
More information about the core-libs-dev
mailing list