From f59ea610dfcf55cd0b42f6dd76a9b3dab0218aaa Mon Sep 17 00:00:00 2001
From: Juergen Hoeller
Date: Tue, 27 Mar 2018 00:23:36 +0200
Subject: [PATCH] Simplified separator check within isInvalidEncodedPath

Issue: SPR-16616
---
 .../web/servlet/resource/PathResourceResolver.java | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/PathResourceResolver.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/PathResourceResolver.java
index 5e9753fc3b..41f3ffebf2 100644
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/PathResourceResolver.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/resource/PathResourceResolver.java
@@ -284,16 +284,7 @@ public class PathResourceResolver extends AbstractResourceResolver {
 // Use URLDecoder (vs UriUtils) to preserve potentially decoded UTF-8 chars...
 try {
 String decodedPath = URLDecoder.decode(resourcePath, "UTF-8");
- int separatorIndex = decodedPath.indexOf("..") + 2;
- if (separatorIndex > 1 && separatorIndex < decodedPath.length()) {
- char separator = decodedPath.charAt(separatorIndex);
- if (separator == '/' || separator == '\\') {
- if (logger.isTraceEnabled()) {
- logger.trace("Resolved resource path contains \"../\" after decoding: " + resourcePath);
- }
- }
- return true;
- }
+ return (decodedPath.contains("../") || decodedPath.contains("..\\"));
 }
 catch (UnsupportedEncodingException ex) {
 // Should never happen...
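Review bot: The added `return (decodedPath.contains("../") || decodedPath.contains("..\\"));` rejects a traversal sequence silently, because the trace message the removed block emitted is gone and a rejected request now leaves no record on this path for anyone investigating probing of the resource handler. Keeping it costs three lines: `boolean invalid = (decodedPath.contains("../") || decodedPath.contains("..\\"));`, then `if (invalid && logger.isTraceEnabled()) { logger.trace("Resolved resource path contains \"../\" after decoding: " + resourcePath); }`, then `return invalid;`. The check also looks only at the result of a single `URLDecoder.decode` pass and does not match a decoded path that ends in `..` with no separator after it, so a comment such as `// Checks one decoding pass only; the path must not be decoded again after this check` would make that limit explicit. isInvalidEncodedPath starts and ends outside the hunk, so whether later code decodes or normalizes the path again cannot be confirmed from here.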