[HOTFIX] of HOTFIX: Use CanonicalPath for check
parent
15616e05f3
commit
3bb3c5b513
|
@ -104,7 +104,9 @@ public class ShopArticleController {
|
|||
|
||||
if(article.image != null) {
|
||||
File file = new File(article.image.path);
|
||||
if (file.getCanonicalPath().startsWith("./data/img/")) {
|
||||
File allowedPath = new File("./data/img/");
|
||||
|
||||
if (file.getCanonicalPath().startsWith(allowedPath.getCanonicalPath())) {
|
||||
InputStream in = new FileInputStream(file);
|
||||
response.setContentType(MediaType.IMAGE_JPEG_VALUE);
|
||||
IOUtils.copy(in, response.getOutputStream());
|
||||
|
|
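Review bot: The new condition `file.getCanonicalPath().startsWith(allowedPath.getCanonicalPath())` is still a string-prefix comparison, and the canonical form of a directory carries no trailing separator, so a sibling directory whose name merely begins with `img` (constructed example: `data/img-backup/…`) would still pass it. Comparing path elements instead of characters closes that gap: `if (file.getCanonicalFile().toPath().startsWith(allowedPath.getCanonicalFile().toPath())) {`. The `FileInputStream` opened on the following line is not closed in the visible lines; unless that happens further down, a try-with-resources around the copy would release the handle. The enclosing method starts and ends outside this hunk, so any else-branch or cleanup there is not visible here.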