From fc37824bc08a8fcaaad41f09986e99e34a709172 Mon Sep 17 00:00:00 2001
From: Rossen Stoyanchev <rstoyanchev@pivotal.io>
Date: Tue, 28 Jun 2016 21:39:19 +0200
Subject: [PATCH] Improve static resource path check (cherry picked from commit
 2697425)

---
 .../web/servlet/resource/ResourceHttpRequestHandler.java      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java
index 274602b8f79..126ddb3e49c 100644
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2014 the original author or authors.
+ * Copyright 2002-2016 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -281,7 +281,7 @@ public class ResourceHttpRequestHandler extends WebContentGenerator implements H
 				return true;
 			}
 		}
-		if (path.contains("../")) {
+		if (path.contains("..")) {
 			path = StringUtils.cleanPath(path);
 			if (path.contains("../")) {
 				if (logger.isTraceEnabled()) {