[HOTFIX] of HOTFIX: Use CanonicalPath for check

CodeSteak 2020-06-14 16:51:59 +02:00
parent 15616e05f3
commit 3bb3c5b513
1 changed files with 4 additions and 2 deletions


@ -101,10 +101,12 @@ public class ShopArticleController {
@PathVariable("id") Long id
) throws IOException {
Article article = articleRepository.findArticleById(id);
if(article.image != null) {
File file = new File(article.image.path);
if (file.getCanonicalPath().startsWith("./data/img/")) {
File allowedPath = new File("./data/img/");
if (file.getCanonicalPath().startsWith(allowedPath.getCanonicalPath())) {
InputStream in = new FileInputStream(file);
response.setContentType(MediaType.IMAGE_JPEG_VALUE);
IOUtils.copy(in, response.getOutputStream());