[HOTFIX] of HOTFIX: Use CanonicalPath for check
parent
15616e05f3
commit
3bb3c5b513
|
@ -104,7 +104,9 @@ public class ShopArticleController {
|
||||||
|
|
||||||
if(article.image != null) {
|
if(article.image != null) {
|
||||||
File file = new File(article.image.path);
|
File file = new File(article.image.path);
|
||||||
if (file.getCanonicalPath().startsWith("./data/img/")) {
|
File allowedPath = new File("./data/img/");
|
||||||
|
|
||||||
|
if (file.getCanonicalPath().startsWith(allowedPath.getCanonicalPath())) {
|
||||||
InputStream in = new FileInputStream(file);
|
InputStream in = new FileInputStream(file);
|
||||||
response.setContentType(MediaType.IMAGE_JPEG_VALUE);
|
response.setContentType(MediaType.IMAGE_JPEG_VALUE);
|
||||||
IOUtils.copy(in, response.getOutputStream());
|
IOUtils.copy(in, response.getOutputStream());
|
||||||
|
|
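Review bot: The new `startsWith(allowedPath.getCanonicalPath())` check is still a plain string-prefix comparison, and `getCanonicalPath()` returns the directory without a trailing separator, so a canonical path in a sibling directory whose name merely begins with `img` (constructed example: `data/img-private/…`) would also pass. Comparing path elements closes that gap: `if (file.getCanonicalFile().toPath().startsWith(allowedPath.getCanonicalFile().toPath())) {`. Separately, the `FileInputStream` opened just below is never closed in the visible lines; `try (InputStream in = new FileInputStream(file)) {` would release the handle even when the copy fails. The enclosing method starts and ends outside this hunk, so how `article.image.path` is populated and what happens when the check fails cannot be confirmed from here.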