Commit 1661e192 authored by Matija Obreza

Test canonical path of destinationFile instead of destinationDir

parent 370398e4
......@@ -101,6 +101,8 @@ public class FilesystemStorageServiceImpl implements BytesStorageService {
throw new IOException("Exists, not a directory: " + destinationDir.getAbsolutePath());
final File destinationFile = new File(destinationDir, filename);
if (!destinationFile.getCanonicalPath().startsWith(repoDir.getCanonicalPath()))
throw new IOException("Not within repository path: " + destinationFile.getAbsolutePath());
try (BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(destinationFile, false))) {
IOUtils.write(data, output);
......@@ -117,8 +119,8 @@ public class FilesystemStorageServiceImpl implements BytesStorageService {
final File destinationDir = new File(repoDir, path);
final File destinationFile = new File(destinationDir, filename);
if (!destinationDir.getCanonicalPath().startsWith(repoDir.getCanonicalPath()))
throw new IOException("Not within repository path: " + destinationDir.getAbsolutePath());
if (!destinationFile.getCanonicalPath().startsWith(repoDir.getCanonicalPath()))
throw new IOException("Not within repository path: " + destinationFile.getAbsolutePath());
if (destinationFile.exists()) {
destinationFile.delete();
......@@ -147,8 +149,8 @@ public class FilesystemStorageServiceImpl implements BytesStorageService {
final File destinationDir = new File(repoDir, path);
final File destinationFile = new File(destinationDir, filename);
if (!destinationDir.getCanonicalPath().startsWith(repoDir.getCanonicalPath()))
throw new IOException("Not within repository path: " + destinationDir.getAbsolutePath());
if (!destinationFile.getCanonicalPath().startsWith(repoDir.getCanonicalPath()))
throw new IOException("Not within repository path: " + destinationFile.getAbsolutePath());
byte[] data = null;
if (destinationFile.exists()) {
......
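Review bot: The new `destinationFile.getCanonicalPath().startsWith(repoDir.getCanonicalPath())` checks, repeated in all three hunks, compare raw string prefixes, so with a canonical repository root of `/srv/repo` a target under a sibling directory such as `/srv/repo-old/` or `/srv/repository/` still passes as "within repository path". Anchor the prefix on a path separator, e.g. `final String repoRoot = repoDir.getCanonicalPath() + File.separator;` followed by `if (!destinationFile.getCanonicalPath().startsWith(repoRoot))`, or compare segment-wise with `Path.startsWith` on normalized absolute paths (noting that `getCanonicalPath()` also resolves symlinks, which `Path.normalize()` does not). Because the identical two lines now live in three methods, a private helper such as `assertWithinRepository(File target)` that throws the same `IOException` would keep the check in one place. In the first hunk the "Exists, not a directory" test on `destinationDir` runs before the traversal check; if the code above the hunk also creates that directory, a `..` in `path` could create directories outside the repository before the request is rejected, which is worth confirming against the lines preceding the hunk.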