Author: echatellier
Date: 2009-11-05 14:58:23 +0100 (Thu, 05 Nov 2009)
New Revision: 2791

Modified:
   trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/FileLink.java
   trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/HeadLink.java
   trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/Image.java

Log:
Fix security issue (filer resources with .. in name/src/href)

Modified: trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/FileLink.java
===================================================================
--- trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/FileLink.java	2009-11-04 16:08:42 UTC (rev 2790)
+++ trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/FileLink.java	2009-11-05 13:58:23 UTC (rev 2791)
@@ -25,6 +25,7 @@
 
 import javax.activation.MimetypesFileTypeMap;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.tapestry5.ComponentResources;
 import org.apache.tapestry5.Link;
 import org.apache.tapestry5.MarkupWriter;
@@ -84,7 +85,9 @@
 
     /** Affichage du fichier */
     public StreamResponse onCreateLink(final String filename, String type) {
-        if (filename == null || "".equals(filename)) {
+
+        // security : src containing .. are filtered, to not access to full system
+        if (StringUtils.isEmpty(filename) || filename.contains("..")) {
             return null;
         }
 

Modified: trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/HeadLink.java
===================================================================
--- trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/HeadLink.java	2009-11-04 16:08:42 UTC (rev 2790)
+++ trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/HeadLink.java	2009-11-05 13:58:23 UTC (rev 2791)
@@ -22,6 +22,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.tapestry5.BindingConstants;
 import org.apache.tapestry5.ComponentResources;
 import org.apache.tapestry5.Link;
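Review bot: The new `filename.contains("..")` test in `onCreateLink` is a substring blacklist, and it does not by itself keep the name inside the intended directory: an absolute name such as `/etc/passwd` contains no `..` and passes, while a harmless name like `report..pdf` is rejected. The body of `onCreateLink` continues past the hunk, so I cannot see how `filename` is turned into a file; if it is handed to `new File(...)` or a similar resolver, the robust check is to resolve against the base directory and compare canonical paths, e.g. `File f = new File(baseDir, filename).getCanonicalFile(); if (!f.getPath().startsWith(baseDir.getCanonicalPath() + File.separator)) return null;`, keeping the `..` rejection only as a cheap early exit. The added comment should also name the threat instead of "to not access to full system", e.g. `// security: reject names that could escape the resource directory (path traversal)`.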
@@ -82,7 +83,9 @@
 
     /** Affichage du fichier */
     public StreamResponse onFileLink(final String href, final String type) {
-        if (href == null || "".equals(href)) {
+
+        // security : src containing .. are filtered, to not access to full system
+        if (StringUtils.isEmpty(href) || href.contains("..")) {
             return null;
         }
 

Modified: trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/Image.java
===================================================================
--- trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/Image.java	2009-11-04 16:08:42 UTC (rev 2790)
+++ trunk/pollen-ui/src/main/java/org/chorem/pollen/ui/components/Image.java	2009-11-05 13:58:23 UTC (rev 2791)
@@ -24,6 +24,7 @@
 
 import javax.activation.MimetypesFileTypeMap;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.tapestry5.ComponentResources;
 import org.apache.tapestry5.Link;
 import org.apache.tapestry5.MarkupWriter;
@@ -93,7 +94,9 @@
 
     /** Affichage de l'image */
     public StreamResponse onImageLink(final String src, final int width, final int height) {
-        if (src == null || "".equals(src)) {
+
+        // security : src containing .. are filtered, to not access to full system
+        if (StringUtils.isEmpty(src) || src.contains("..")) {
             return null;
         }
 
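Review bot: The guard added to `onFileLink` is the third verbatim copy of the same `isEmpty || contains("..")` check in this commit, and its comment still talks about "src" although the parameter here is `href`, which shows the copy-paste. A single shared helper such as `static boolean isSafeResourceName(String name)` in a common place would keep the traversal policy in one spot, so a later hardening (absolute-path rejection, canonical-path comparison against the base directory) does not have to be re-applied to each component. The comment on this copy should at least read `// security: reject hrefs that could escape the resource directory`. The rest of `onFileLink` lies outside the hunk, so how `href` is resolved to a file is not visible here.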
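Review bot: A `src` that trips the new check in `onImageLink` is returned as `null` with no trace, yet a `..` in an image name is a fairly clear traversal attempt that operations would want to see. If a logger is available to this component (none is visible in the hunk), a single `log.warn("rejected image src containing '..'")` before the `return null;` would give detection a hook; the offending value itself should not be written raw into the log, since it is attacker-controlled and may contain newlines. As with the other two components, `contains("..")` does not stop an absolute `src`, so the canonical-path comparison against the base directory still matters wherever the body below resolves the name. `onImageLink` continues past the end of the hunk.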