Revision: 4704
Author: [email protected]
Date: Tue Dec 6 07:35:57 2011
Log: Check for download outside openmeetings is fixed
http://code.google.com/p/openmeetings/source/detail?r=4704
Modified:
/branches/1_9
/branches/1_9/src/app/org/openmeetings/servlet/outputhandler/DefaultIndex.java
/branches/1_9/src/app/org/openmeetings/servlet/outputhandler/DownloadHandler.java
=======================================
---
/branches/1_9/src/app/org/openmeetings/servlet/outputhandler/DownloadHandler.java
Mon Nov 21 01:19:55 2011
+++
/branches/1_9/src/app/org/openmeetings/servlet/outputhandler/DownloadHandler.java
Tue Dec 6 07:35:57 2011
@@ -289,8 +289,12 @@
return;
}
// Requested file is outside OM webapp
folder
- if
(!f2.getCanonicalPath().startsWith(current_dir)) {
- throw new Exception("Invalid file
requested");
+ File curDirFile = new File(current_dir);
+ if (!f2.getCanonicalPath()
+
.startsWith(curDirFile.getCanonicalPath())) {
+ throw new Exception("Invalid file
requested: f2.cp == "
+ + f2.getCanonicalPath() +
"; curDir.cp == "
+ +
curDirFile.getCanonicalPath());
}
// Get file and handle download
--
You received this message because you are subscribed to the Google Groups
"OpenMeetings developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/openmeetings-dev?hl=en.
