Commit ba83d1a3 authored by Makhtar DIAGNE's avatar Makhtar DIAGNE

[FIX RABB-808] Fix directory traversal security issue on getLogo

parent 710c9371
...@@ -163,7 +163,7 @@ public class ApplicationService extends AbstractCrudService<ApplicationDto> { ...@@ -163,7 +163,7 @@ public class ApplicationService extends AbstractCrudService<ApplicationDto> {
} }
public String getBase64File(String fileName, String basePath) { public String getBase64File(String fileName, String basePath) {
final Path assetFile = Paths.get(basePath, fileName).normalize(); final Path assetFile = Paths.get(basePath, Paths.get(fileName).getFileName().toString());
String base64Asset = null; String base64Asset = null;
try { try {
base64Asset = DatatypeConverter.printBase64Binary(Files.readAllBytes(assetFile)); base64Asset = DatatypeConverter.printBase64Binary(Files.readAllBytes(assetFile));
......
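Review bot: The new `assetFile` line keeps only `getFileName()`, which strips directory components but leaves two edge cases unchecked. `Paths.get(fileName).getFileName()` returns null for a root-only value such as `/`, so `.toString()` throws a NullPointerException, and a name of `..` survives as the last element, so with `normalize()` dropped the path now points at the parent of `basePath`. An explicit containment check after resolving would cover both: `final Path base = Paths.get(basePath).toAbsolutePath().normalize();`, `final Path assetFile = base.resolve(fileName).normalize();`, `if (!assetFile.startsWith(base) || assetFile.equals(base)) { return null; }`. Returning null is an assumption based on `base64Asset` starting as null; the rest of getBase64File lies outside the visible hunk, so the rejection should match whatever the method already does when the read fails.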