SecurityWrapperRequest.setAllowableContentRoot()

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Call this method with "/WEB-INF" as the input parameter.

What is the expected output? What do you see instead?
The expected allowableContentRoot should be "/WEB-INF", not "".

What version of the product are you using? On what operating system?
org.owasp.ESAPI version 2.0_rc6 on Windows XP

Please provide any additional information below.
The logic should be either

this.allowableContentRoot = allowableContentRoot.startsWith( "/" ) ? 
allowableContentRoot : "/" + allowableContentRoot;

or

this.allowableContentRoot = (allowableContentRoot.startsWith( "/" ) ? "" : "/") 
+ allowableContentRoot;

Original issue reported on code.google.com by muchi...@gmail.com on 22 Jul 2010 at 11:50

• Merged into: #150

[GoogleCodeExporter]

Nice find. We will fix this before 2.0 GA. Thank you!

Original comment by manico.james@gmail.com on 2 Nov 2010 at 7:56

• Added labels: Milestone-Release2.0

[GoogleCodeExporter]

Looks like August already fixed this - it's in the latest rev.

Original comment by jtmel...@gmail.com on 3 Nov 2010 at 3:45

[GoogleCodeExporter]

This is a duplicate of Issue #150. Or rather, 150 is a duplicate of this issue, 
but 150 is already marked fixed. 

Original comment by augu...@gmail.com on 4 Nov 2010 at 2:25

• Changed state: Duplicate