Merge branch '10-experiment' into F100-ZK-5119

zkoss · Sep 5, 2023 · bf4a243 · bf4a243
2 parents c16217a + e92067c
commit bf4a243
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 48 deletions.
diff --git a/javadoc.gradle b/javadoc.gradle
@@ -1,48 +1,6 @@
 // Script for build javadoc and jsdoc
 
 def currentYear = new Date().format("yyyy")
-def javadocClassPath = files(
-		"$rootDir/dist/lib/zcommons-el.jar",
-		"$rootDir/dist/lib/ext/slf4j-api.jar",
-		"$rootDir/dist/lib/ext/servlet-api.jar",
-		"$rootDir/dist/lib/ext/jython.jar",
-		"$rootDir/dist/lib/ext/js.jar",
-		"$rootDir/dist/lib/ext/jruby.jar",
-		"$rootDir/dist/lib/ext/bsh.jar",
-		"$rootDir/dist/lib/ext/guava.jar",
-		"$rootDir/dist/lib/ext/groovy.jar",
-		"$rootDir/dist/lib/ext/portlet-api.jar",
-		"$rootDir/dist/lib/ext/closure-compiler-unshaded.jar",
-		"$rootDir/dist/lib/ext/commons-io.jar",
-		"$rootDir/dist/lib/ext/commons-fileupload.jar",
-		"$rootDir/dist/lib/ext/zsoup.jar",
-		"$rootDir/dist/lib/ext/zkdiffer.jar",
-		"$rootDir/dist/lib/ext/spring-core-5.2.15.RELEASE.jar",
-		"$rootDir/dist/lib/ext/spring-beans-5.2.15.RELEASE.jar",
-		"$rootDir/dist/lib/ext/spring-context-5.2.15.RELEASE.jar",
-		"$rootDir/dist/lib/ext/spring-web-5.2.15.RELEASE.jar",
-		"$rootDir/dist/lib/ext/javax.inject-1.jar",
-		"$rootDir/dist/lib/ext/javaee-api.jar",
-		"$rootDir/dist/lib/ext/javassist.jar",
-		"$rootDir/dist/lib/ext/jfreechart.jar",
-		"$rootDir/dist/lib/ext/commons-el.jar",
-		"$rootDir/dist/lib/ext/jackson-databind.jar",
-		"$rootDir/dist/lib/ext/jasperreports.jar",
-		"$rootDir/dist/lib/ext/acegi-security.jar",
-		"$rootDir/dist/lib/ext/s2-framework.jar",
-		"$rootDir/dist/lib/ext/ognl.jar",
-		"$rootDir/dist/lib/ext/mvel.jar",
-		"$rootDir/dist/lib/ext/jcommon.jar",
-		"$rootDir/dist/lib/ext/jackson-core.jar",
-		"$rootDir/dist/lib/ext/Filters.jar",
-		"$rootDir/dist/lib/ext/jackson-annotations.jar",
-		"$rootDir/dist/lib/ext/value.jar",
-		"$rootDir/dist/lib/ext/value-processor.jar",
-		"$rootDir/dist/lib/ext/metainf.jar",
-		"$rootDir/dist/lib/ext/generator.jar",
-		"$rootDir/dist/lib/ext/reflections.jar",
-		"$rootDir/dist/lib/ext/junit-jupiter-api.jar"
-)
 // general javadoc options
 def javadocOptions = {
 	options.author true
@@ -93,8 +51,26 @@ task alljavadoc(type: Javadoc) {
 			'**/*.jjt',
 			'**/**.template' //stateless action type template
 	destinationDir = file("$buildDir/docs/javadoc/zk")
-	classpath = javadocClassPath
 
+	subprojects.forEach(prj -> {
+		classpath += prj.sourceSets.main.compileClasspath
+	})
+	gradle.includedBuilds.each {
+//		println ">>>>>>>>$it.name"
+		if (it.name != 'zkthemes' && it.name != 'zksandbox') {
+			def rootGradle = it.properties['target'].properties['buildController'].gradle
+			it.properties['target'].properties['availableModules'].each {
+				def prj = rootGradle.rootProject.findProject(it.right.identityPath.toString())
+				if (!prj) {
+					prj = rootGradle.rootProject.findProject(it.right.projectPath.toString())
+				}
+//				println ">>> name: " + prj.name
+				if (prj) {
+					classpath += prj.configurations.compileClasspath
+				}
+			}
+		}
+	}
 	doLast {
 		addJavadocFooter("$buildDir/docs/javadoc/zk", footerMessage)
 
@@ -141,7 +117,7 @@ subprojects {
 		destinationDir = file("$buildDir/docs/javadoc")
 
 		// add jars in dist into classpath
-		classpath += javadocClassPath
+		classpath += configurations.compileClasspath
 		// add jars in other projects(zk & cml) into classpath
 		classpath += files(zkprojects.collect {prj, dir ->
 			"$dir/build/libs/$prj-${version}.jar"

diff --git a/zk/src/main/java/org/zkoss/zk/au/http/DHtmlResourceServlet.java b/zk/src/main/java/org/zkoss/zk/au/http/DHtmlResourceServlet.java
@@ -118,7 +118,7 @@ static boolean doGet0(HttpServletRequest request, HttpServletResponse response,
 
 				// Fix path traversal vulnerabilities
 				Path normalized = Path.of(pi).normalize();
-				if (!normalized.startsWith(ClassWebResource.PATH_PREFIX)) {
+				if (!normalized.toString().startsWith(ClassWebResource.PATH_PREFIX)) {
 					throw new IllegalArgumentException("User path escapes the base path [" + normalized + "]");
 				}
 				cwr.service(request, response, pi.substring(ClassWebResource.PATH_PREFIX.length()));

diff --git a/zweb/src/main/java/org/zkoss/web/util/resource/ClassWebResource.java b/zweb/src/main/java/org/zkoss/web/util/resource/ClassWebResource.java
@@ -162,7 +162,7 @@ public URL getResource(String uri) {
 		}
 		// Fix path traversal vulnerabilities
 		Path normalized = Path.of(PATH_PREFIX, uri).normalize();
-		if (!normalized.startsWith(PATH_PREFIX)) {
+		if (!normalized.toString().startsWith(PATH_PREFIX)) {
 			throw new IllegalArgumentException("User path escapes the base path [" + normalized + "]");
 		}
 		return Locators.getDefault().getResource(PATH_PREFIX + uri);
@@ -183,7 +183,7 @@ public InputStream getResourceAsStream(String uri) {
 
 		// Fix path traversal vulnerabilities
 		Path normalized = Path.of(PATH_PREFIX, uri).normalize();
-		if (!normalized.startsWith(PATH_PREFIX)) {
+		if (!normalized.toString().startsWith(PATH_PREFIX)) {
 			throw new IllegalArgumentException("User path escapes the base path [" + normalized + "]");
 		}
 		return Locators.getDefault().getResourceAsStream(PATH_PREFIX + uri);
@@ -281,7 +281,7 @@ public void service(HttpServletRequest request, HttpServletResponse response) th
 
 			// Fix path traversal vulnerabilities
 			Path normalized = Path.of(pi).normalize();
-			if (!normalized.startsWith(PATH_PREFIX)) {
+			if (!normalized.toString().startsWith(PATH_PREFIX)) {
 				throw new IllegalArgumentException("User path escapes the base path [" + normalized + "]");
 			}
 			service(request, response, pi.substring(PATH_PREFIX.length()));