Revision: 4166
Author: seba.wagner
Date: Sat Sep 3 05:33:19 2011
Log: (Fixes issue 1468)
http://code.google.com/p/openmeetings/source/detail?r=4166
Modified:
/trunk/singlewebapp/src/app/org/openmeetings/servlet/outputhandler/DownloadHandler.java
=======================================
---
/trunk/singlewebapp/src/app/org/openmeetings/servlet/outputhandler/DownloadHandler.java
Tue Aug 30 13:17:16 2011
+++
/trunk/singlewebapp/src/app/org/openmeetings/servlet/outputhandler/DownloadHandler.java
Sat Sep 3 05:33:19 2011
@@ -117,12 +117,20 @@
if (parentPath == null) {
parentPath = "nomodule";
}
+
+ if (parentPath.startsWith("..")) {
+ throw new Exception("Error on
parentPath");
+ }
String requestedFile = httpServletRequest
.getParameter("fileName");
if (requestedFile == null) {
requestedFile = "";
}
+
+ if (requestedFile.startsWith("..")) {
+ throw new Exception("Error on
fileName");
+ }
// make a complete name out of
domain(organisation) + roomname
String roomName = room_id;
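Review bot: The two added `startsWith("..")` guards on `parentPath` and `fileName` only reject a value that begins with two dots, so a `..` segment later in the value, an absolute path, or a backslash-separated form would still pass them. Both values come straight from request parameters, so a more reliable check is to build the target file first and compare canonical paths against the intended download root, e.g. `File target = new File(baseDir, requestedFile).getCanonicalFile();` followed by `if (!target.getPath().startsWith(baseDir.getCanonicalPath() + File.separator)) { throw ... }`, where `baseDir` is a placeholder for the directory this handler actually serves from. The enclosing method starts and ends outside the hunk, including the code that joins these values into a filesystem path, so whether further filtering happens there cannot be confirmed from this view. It would also help to log the rejected parameter and answer with an HTTP 400/403 rather than throwing a bare `Exception`, so that probing of this endpoint is visible in the servlet logs.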