public boolean accept()

in wicket-core/src/main/java/org/apache/wicket/markup/html/PackageResourceGuard.java [69:171]

• 84 lines of code
• 21 McCabe index (conditional complexity)

	public boolean accept(String path)
	{
		int ixExtension = path.lastIndexOf('.');
		int len = path.length();
		final String ext;
		if (ixExtension <= 0 || ixExtension == len ||
			(path.lastIndexOf('/') + 1) == ixExtension ||
			(path.lastIndexOf('\\') + 1) == ixExtension)
		{
			ext = null;
		}
		else
		{
			ext = path.substring(ixExtension + 1).toLowerCase(Locale.ROOT).trim();
		}

		if ("html".equals(ext))
		{
			String prefix = path.substring(0, ixExtension);

			ClassLoader classLoader = getClass().getClassLoader();
			while (true)
			{
				if (classLoader.getResource(prefix + ".class") != null)
				{
					log.warn("Access denied to shared (static) resource because it is a Wicket markup file: " +
						path);
					return false;
				}

				int ixUnderscore = prefix.lastIndexOf('_');
				if (ixUnderscore == -1)
				{
					break;
				}

				prefix = prefix.substring(0, ixUnderscore);
			}
		}

		if (acceptExtension(ext) == false)
		{
			log.warn("Access denied to shared (static) resource because of the file extension: " +
				path);
			return false;
		}

		String filename = Strings.lastPathComponent(path, File.separatorChar);
		if (acceptFile(filename) == false)
		{
			log.warn("Access denied to shared (static) resource because of the file name: " + path);
			return false;
		}

		// Only if a placeholder, e.g. $up$ is defined, access to parent directories is allowed
		if (Strings.isEmpty(Application.get().getResourceSettings().getParentFolderPlaceholder()))
		{
			if (path.contains(".."))
			{
				log.warn("Access to parent directories via '..' is by default disabled for shared resources: " +
					path);
				return false;
			}
		}

		//
		// for windows we have to check both File.separator ('\') and the usual '/' since both can
		// be used and are used interchangeably
		//

		if (!allowAccessToRootResources)
		{
			String absolute = path;
			if ("\\".equals(File.separator))
			{
				// handle a windows path which may have a drive letter in it

				int drive = absolute.indexOf(":\\");
				if (drive < 0)
				{
					drive = absolute.indexOf(":/");
				}
				if (drive > 0)
				{
					// strip the drive letter off the path
					absolute = absolute.substring(drive + 2);
				}
			}

			if (absolute.startsWith(File.separator) || absolute.startsWith("/"))
			{
				absolute = absolute.substring(1);
			}
			if (!absolute.contains(File.separator) && !absolute.contains("/"))
			{
				log.warn("Access to root directory is by default disabled for shared resources: " +
					path);
				return false;
			}
		}

		return true;
	}