This is an automated email from the ASF dual-hosted git repository. nic pushed a commit to branch 2.6.x in repository https://gitbox.apache.org/repos/asf/kylin.git
commit e946dc6abf2999d9c036752393824fc576f5b71a Author: nichunen <[email protected]> AuthorDate: Sat Jan 18 22:45:04 2020 +0800 Prevent uncontrolled data used in path expression --- .../src/main/java/org/apache/kylin/metadata/TableMetadataManager.java | 1 + 1 file changed, 1 insertion(+) diff --git a/core-metadata/src/main/java/org/apache/kylin/metadata/TableMetadataManager.java b/core-metadata/src/main/java/org/apache/kylin/metadata/TableMetadataManager.java index 0126c0d..1605dec 100644 --- a/core-metadata/src/main/java/org/apache/kylin/metadata/TableMetadataManager.java +++ b/core-metadata/src/main/java/org/apache/kylin/metadata/TableMetadataManager.java @@ -484,6 +484,7 @@ public class TableMetadataManager { public void removeExternalFilter(String name) throws IOException { try (AutoLock lock = extFilterMapLock.lockForWrite()) { + name = name.replaceAll("[./]", ""); extFilterCrud.delete(name); } }
