Hi Maxim,

I don't understand what the difference is between:

if (!f2.getCanonicalPath().startsWith(current_dir)) {

and

if (!f2.getCanonicalPath().startsWith(curDirFile.getCanonicalPath())) {
>
> Was this the root of the exception from the mailing list?

Thanks,
Sebastian

2011/12/6 <[email protected]>

> Revision: 4704
> Author:   [email protected]
> Date:     Tue Dec  6 07:35:57 2011
> Log:      Check for download outside openmeetings is fixed
> http://code.google.com/p/openmeetings/source/detail?r=4704
>
> Modified:
>  /branches/1_9
>  /branches/1_9/src/app/org/openmeetings/servlet/outputhandler/DefaultIndex.java
>  /branches/1_9/src/app/org/openmeetings/servlet/outputhandler/DownloadHandler.java
>
> ==============================**=========
> --- /branches/1_9/src/app/org/**openmeetings/servlet/**
> outputhandler/DownloadHandler.**java   Mon Nov 21 01:19:55 2011
> +++ /branches/1_9/src/app/org/**openmeetings/servlet/**
> outputhandler/DownloadHandler.**java   Tue Dec  6 07:35:57 2011
> @@ -289,8 +289,12 @@
>                                                return;
>                                        }
>                                        // Requested file is outside OM
> webapp folder
> -                                       if 
> (!f2.getCanonicalPath().**startsWith(current_dir))
> {
> -                                               throw new
> Exception("Invalid file requested");
> +                                       File curDirFile = new
> File(current_dir);
> +                                       if (!f2.getCanonicalPath()
> +
> .startsWith(curDirFile.**getCanonicalPath())) {
> +                                               throw new
> Exception("Invalid file requested: f2.cp == "
> +                                                               +
> f2.getCanonicalPath() + "; curDir.cp == "
> +                                                               +
> curDirFile.getCanonicalPath())**;
>                                        }
>
>                                        // Get file and handle download
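
Review bot: the new condition on the + lines, f2.getCanonicalPath().startsWith(curDirFile.getCanonicalPath()), is still a plain string prefix test, so a canonical path in a sibling directory whose name merely begins with the web-app directory's name passes it, because getCanonicalPath() returns the directory without a trailing separator. Compare against curDirFile.getCanonicalPath() + File.separator instead (and allow equality with the directory itself if that case is needed). Canonicalizing both sides is the right correction for the removed line, which matched a canonical path against the raw current_dir string. The new exception message also embeds both canonical paths; if that message can reach the HTTP response, log the paths on the server and return a generic error to the client.
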
>
> --
> You received this message because you are subscribed to the Google Groups
> "OpenMeetings developers" group.
> To post to this group, send email to openmeetings-dev@googlegroups.com.
> To unsubscribe from this group, send email to
> openmeetings-dev+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/openmeetings-dev?hl=en.
>
>


-- 
Sebastian Wagner
http://www.openmeetings.de
http://www.webbase-design.de
http://www.wagner-sebastian.com
[email protected]
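
The two conditions asked about above, side by side, as an added example that is not part of the original message or of the OpenMeetings code: it shows the raw-string check rejecting a file that really is inside the directory when current_dir is not spelled canonically, and the canonicalized check still accepting a file in a sibling directory with a longer name. The class and method names, the temporary directory layout, the "." spelling of current_dir and the boundedPrefix variant are all assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

public class CanonicalPrefixDemo {
    // Check before r4704: canonical request path against the raw directory string.
    static boolean rawPrefix(File f, String currentDir) throws IOException {
        return f.getCanonicalPath().startsWith(currentDir);
    }

    // Check after r4704: both sides canonicalized before the comparison.
    static boolean canonicalPrefix(File f, String currentDir) throws IOException {
        return f.getCanonicalPath().startsWith(new File(currentDir).getCanonicalPath());
    }

    // Added variant (not in the commit): the match must end on a path boundary.
    static boolean boundedPrefix(File f, String currentDir) throws IOException {
        String base = new File(currentDir).getCanonicalPath();
        String target = f.getCanonicalPath();
        return target.equals(base) || target.startsWith(base + File.separator);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/webapp/upload/slide.png and <tmp>/webapp-backup/notes.txt
        File root = Files.createTempDirectory("om-demo").toFile();
        File webapp = new File(root, "webapp");
        File inside = new File(new File(webapp, "upload"), "slide.png");
        File sibling = new File(new File(root, "webapp-backup"), "notes.txt");
        inside.getParentFile().mkdirs();
        sibling.getParentFile().mkdirs();
        inside.createNewFile();
        sibling.createNewFile();

        // Assumed non-canonical spelling of the web-app directory (redundant "." segment).
        String currentDir = webapp.getPath() + File.separator + ".";

        System.out.println("file inside the web-app directory:");
        System.out.println("  raw prefix       -> " + rawPrefix(inside, currentDir));
        System.out.println("  canonical prefix -> " + canonicalPrefix(inside, currentDir));
        System.out.println("  bounded prefix   -> " + boundedPrefix(inside, currentDir));

        System.out.println("file in the sibling directory webapp-backup:");
        System.out.println("  canonical prefix -> " + canonicalPrefix(sibling, currentDir));
        System.out.println("  bounded prefix   -> " + boundedPrefix(sibling, currentDir));
    }
}
```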
