file uri fix was placed in wrong order

bertramdev · Aug 22, 2018 · a584e89 · a584e89
1 parent c787972
commit a584e89
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/asset-pipeline-grails/src/main/groovy/asset/pipeline/AssetPipelineFilter.groovy b/asset-pipeline-grails/src/main/groovy/asset/pipeline/AssetPipelineFilter.groovy
@@ -61,10 +61,11 @@ class AssetPipelineFilter extends OncePerRequestFilter {
 			if(fileUri == '' || fileUri.endsWith('/')) {
 				fileUri += indexFile
 			}
+			fileUri = AssetHelper.normalizePath(fileUri) //JETTY Security bug, we MUST prevent reverse 
 			if(fileUri.startsWith('/')) {
 				manifestPath = fileUri.substring(1) //Omit forward slash
 			}
-			fileUri = AssetHelper.normalizePath(fileUri) //JETTY Security bug, we MUST prevent reverse traversal
+			traversal
 			fileUri = manifest?.getProperty(manifestPath, manifestPath)