Skip to content

Commit

Permalink
file uri fix was placed in wrong order
Browse files Browse the repository at this point in the history
  • Loading branch information
@davydotcom
davydotcom committed Aug 22, 2018
1 parent a584e89 commit 4c57fc3
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions asset-pipeline-grails/src/main/groovy/asset/pipeline/AssetPipelineFilter.groovy
View file
Expand Up @@ -61,11 +61,10 @@ class AssetPipelineFilter extends OncePerRequestFilter {
if(fileUri == '' || fileUri.endsWith('/')) {
fileUri += indexFile
}
fileUri = AssetHelper.normalizePath(fileUri) //JETTY Security bug, we MUST prevent reverse
if(fileUri.startsWith('/')) {
manifestPath = fileUri.substring(1) //Omit forward slash
}
traversal
manifestPath = AssetHelper.normalizePath(manifestPath) //JETTY Security bug, we MUST prevent reverse traversal
fileUri = manifest?.getProperty(manifestPath, manifestPath)


Expand Down

0 comments on commit 4c57fc3

Please sign in to comment.