
defend against directory traversal attack

1 parent df5c6a0 commit 927063f130fd21e15a7d158a76a3567cf97b2967 @kohsuke committed Sep 23, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 src/main/java/org/kohsuke/confluence/scache/StaticPageGenerator.java
@@ -25,7 +25,6 @@
import java.io.FileOutputStream;
import java.io.FilenameFilter;
import java.io.IOException;
-import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
@@ -60,6 +59,7 @@ public Task(Page page) {
// Confluence uses '+' in page names to indicate ' ', which is an incorrect escaping for path name tokens
// to simplify the cache matching, produce content in both names
String name = page.getSpaceKey() + '/' + page.getTitle() + ".html";
+ name = name.replaceAll("\\.\\.","_"); // prevent directory traversal attack
output.add(new File(getCacheDir(), name));
output.add(new File(getCacheDir(), name.replace(' ','+')));
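Review bot: The added `name.replaceAll("\\.\\.","_")` removes `..` sequences but leaves path separators in `page.getTitle()` and `page.getSpaceKey()` untouched, so a title containing `/` (or `\` on Windows) still decides which subdirectory of the cache the file is written to and can overlap another page's output file. Neutralising separators in each component before they are joined would close that, e.g. `String title = page.getTitle().replace('/', '_').replace('\\', '_');`. A containment check that compares the canonical path of each `File` with the canonical `getCacheDir()` before adding it to `output` would still hold if the string filter misses a case. The filter also rewrites legitimate titles that contain two consecutive dots, which the inline comment could mention. The `Task(Page)` constructor continues outside the hunk, so whether the paths are validated later is not visible here.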
