Lanmikeman/Launcher
1
1
Fork 0
mirror of https://github.com/GravitLauncher/Launcher synced 2025-01-09 09:09:46 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' of github.com:GravitLauncher/Launcher

Browse source
This commit is contained in:
Gravit 2018-10-05 14:51:09 +07:00
commit bbe3a5b111
1 changed files with 3 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
LaunchServer/src/main/java/ru/gravit/launchserver/fileserver/FileServerHandler.java
View file

@ -90,7 +90,7 @@ public void channelRead0(ChannelHandlerContext ctx, FullHttpRequest request) thr
} else { } else {
sendRedirect(ctx, uri + '/'); sendRedirect(ctx, uri + '/');
} }
} else sendError(ctx, FORBIDDEN); } else sendError(ctx, NOT_FOUND); // can not handle dirs
return; return;
} }
@ -197,7 +197,7 @@ private static String sanitizeUri(String uri) {
} }
// Convert file separators. // Convert file separators.
uri = uri.replace('/', File.separatorChar); uri = uri.replace(File.separatorChar, '/');
// Simplistic dumb security check. // Simplistic dumb security check.
// You will have to do something serious in the production environment. // You will have to do something serious in the production environment.
@ -207,9 +207,7 @@ private static String sanitizeUri(String uri) {
INSECURE_URI.matcher(uri).matches()) { INSECURE_URI.matcher(uri).matches()) {
return null; return null;
} }
return uri.substring(1);
// Convert to absolute path.
return SystemPropertyUtil.get("user.dir") + File.separator + uri;
} }
private static final Pattern ALLOWED_FILE_NAME = Pattern.compile("[^-\\._]?[^<>&\\\"]*"); private static final Pattern ALLOWED_FILE_NAME = Pattern.compile("[^-\\._]?[^<>&\\\"]*");