shuber 2005/04/25 18:51:23 CEST
Modified files: (Branch: JAHIA-4-1-BRANCH)
src/java/org/jahia/engines/core Core_Engine.java
Log:
Bugfix
Revision Changes Path
1.16.2.1.2.1 +10 -3
jahia/src/java/org/jahia/engines/core/Core_Engine.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/src/java/org/jahia/engines/core/Core_Engine.java.diff?r1=1.16.2.1&r2=1.16.2.1.2.1&f=h
Index: Core_Engine.java
===================================================================
RCS file:
/home/cvs/repository/jahia/src/java/org/jahia/engines/core/Attic/Core_Engine.java,v
retrieving revision 1.16.2.1
retrieving revision 1.16.2.1.2.1
diff -u -r1.16.2.1 -r1.16.2.1.2.1
--- Core_Engine.java 22 Oct 2004 14:43:11 -0000 1.16.2.1
+++ Core_Engine.java 25 Apr 2005 16:51:23 -0000 1.16.2.1.2.1
@@ -172,9 +172,16 @@
// now let's check for template override parameter
if (jData.params ().getParameter (ParamBean.TEMPLATE_PARAMETER) !=
null) {
- fileName = "/jsp/test/" +
- jData.params ().getParameter
(ParamBean.TEMPLATE_PARAMETER);
- logger.debug ("Overriding page template with URL template : " +
fileName);
+ // we must test the path to make sure it doesn't have any ../
+ // sequences which are VERY dangerous.
+
+ String pathToAlternateTemplate = jData.params ().getParameter
(ParamBean.TEMPLATE_PARAMETER);
+ if (pathToAlternateTemplate.indexOf("..") == -1) {
+ fileName = "/jsp/test/" +
+ jData.params ().getParameter
(ParamBean.TEMPLATE_PARAMETER);
+ logger.debug ("Overriding page template with URL template :
" + fileName);
+ }
+
}
// compose a new hashmap with engine properties...
