
Commit 3686c37

committed
LUTECE-2210 : avoid path manipulation
1 parent 342ca3e commit 3686c37


2 files changed

+8
-1
lines changed


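--- a/src/java/fr/paris/lutece/portal/web/style/ModesJspBean.java
+++ b/src/java/fr/paris/lutece/portal/web/style/ModesJspBean.java
@@ -45,6 +45,7 @@
 import fr.paris.lutece.portal.web.constants.Messages;
 import fr.paris.lutece.portal.web.constants.Parameters;
 import fr.paris.lutece.util.html.HtmlTemplate;
+import fr.paris.lutece.util.http.SecurityUtil;
 
 import java.io.File;
 
@@ -152,6 +153,11 @@ public String doCreateMode( HttpServletRequest request ) throws AccessDeniedExce
 strPath += File.separator;
 }
 
+if ( SecurityUtil.containsPathManipulationChars(request, strPath) )
+{
+throw new AccessDeniedException( "Invalid path" );
+}
+
 File dirPath = new File( AppPathService.getPath( PROPERTY_PATH_XSL ) + strPath );
 
 if ( dirPath.exists( ) )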
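Review bot: The new `containsPathManipulationChars` check on `strPath` is a character denylist and by itself does not establish that `dirPath`, built two lines later from the XSL base plus `strPath`, stays inside that base directory; the more robust check is to resolve `strPath` against the normalized base and require the normalized result to start with it, which `java.nio.file.Path` provides without an `IOException`. That would need `java.nio.file.Path` and `Paths` imports, which this hunk does not show. The call `containsPathManipulationChars(request, strPath)` also departs from the `method( args )` spacing used on the surrounding lines, e.g. `new AccessDeniedException( "Invalid path" )`. doCreateMode's signature and the rest of its body lie outside the hunk.
```java
// … unchanged: SecurityUtil.containsPathManipulationChars check …
Path basePath = Paths.get( AppPathService.getPath( PROPERTY_PATH_XSL ) ).toAbsolutePath( ).normalize( );
Path targetPath = basePath.resolve( strPath ).normalize( );

if ( !targetPath.startsWith( basePath ) )
{
    throw new AccessDeniedException( "Invalid path" );
}

File dirPath = targetPath.toFile( );
```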

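--- a/src/java/fr/paris/lutece/portal/web/system/SystemJspBean.java
+++ b/src/java/fr/paris/lutece/portal/web/system/SystemJspBean.java
@@ -46,6 +46,7 @@
 import fr.paris.lutece.portal.service.util.AppPropertiesService;
 import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
 import fr.paris.lutece.util.html.HtmlTemplate;
+import fr.paris.lutece.util.http.SecurityUtil;
 import fr.paris.lutece.util.stream.StreamUtil;
 
 import java.io.File;
@@ -209,7 +210,7 @@ public String getFileView( HttpServletRequest request )
 {
 String strFilePath = AppPathService.getWebAppPath( );
 
-if ( strFilePath != null )
+if ( strFilePath != null && SecurityUtil.containsPathManipulationChars( request, strFile ))
 {
 strFileData = getFileData( strFilePath + strDirectory + strFile );
 }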
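Review bot: The new condition in `getFileView` is inverted: `containsPathManipulationChars` returning true is the suspicious case, yet that is now the only case in which `getFileData` is called, so ordinary file names are never served while manipulated ones are. The check should be negated so it mirrors `ModesJspBean` in this same commit, which rejects when the check is true: `if ( strFilePath != null && !SecurityUtil.containsPathManipulationChars( request, strFile ) )`. `strDirectory` is concatenated into the same path but is not checked here; if it is also taken from the request it needs the same treatment. getFileView's signature and the rest of its body lie outside the hunk.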
