Strip only allowed extensions!
igr committed Jun 17, 2018
1 parent acbec82 commit 4b15af3
Showing 3 changed files with 36 additions and 13 deletions.
31 changes: 19 additions & 12 deletions jodd-core/src/main/java/jodd/net/MimeTypes.java
@@ -60,9 +60,9 @@ public class MimeTypes {
private static final HashMap<String, String> MIME_TYPE_MAP; // extension -> mime-type map

static {
Properties mimes = new Properties();
final Properties mimes = new Properties();

InputStream is = MimeTypes.class.getResourceAsStream(MimeTypes.class.getSimpleName() + ".properties");
final InputStream is = MimeTypes.class.getResourceAsStream(MimeTypes.class.getSimpleName() + ".properties");
if (is == null) {
throw new IllegalStateException("Mime types file missing");
}
@@ -78,10 +78,10 @@ public class MimeTypes {

MIME_TYPE_MAP = new HashMap<>(mimes.size() * 2);

Enumeration keys = mimes.propertyNames();
final Enumeration keys = mimes.propertyNames();
while (keys.hasMoreElements()) {
String mimeType = (String) keys.nextElement();
String extensions = mimes.getProperty(mimeType);
final String extensions = mimes.getProperty(mimeType);

if (mimeType.startsWith("/")) {
mimeType = "application" + mimeType;
@@ -95,9 +95,9 @@ public class MimeTypes {
mimeType = "video" + mimeType.substring(1);
}

String[] allExtensions = StringUtil.splitc(extensions, ' ');
final String[] allExtensions = StringUtil.splitc(extensions, ' ');

for (String extension : allExtensions) {
for (final String extension : allExtensions) {
if (MIME_TYPE_MAP.put(extension, mimeType) != null) {
throw new IllegalArgumentException("Duplicated extension: " + extension);
}
@@ -138,16 +138,16 @@ public static String lookupMimeType(final String ext) {
* @param useWildcard if set, mime types are wildcard patterns
*/
public static String[] findExtensionsByMimeTypes(String mimeType, final boolean useWildcard) {
ArrayList<String> extensions = new ArrayList<>();
final ArrayList<String> extensions = new ArrayList<>();

mimeType = mimeType.toLowerCase();
String[] mimeTypes = StringUtil.splitc(mimeType, ", ");
final String[] mimeTypes = StringUtil.splitc(mimeType, ", ");

for (Map.Entry<String, String> entry : MIME_TYPE_MAP.entrySet()) {
String entryExtension = entry.getKey();
String entryMimeType = entry.getValue().toLowerCase();
for (final Map.Entry<String, String> entry : MIME_TYPE_MAP.entrySet()) {
final String entryExtension = entry.getKey();
final String entryMimeType = entry.getValue().toLowerCase();

int matchResult = useWildcard ?
final int matchResult = useWildcard ?
Wildcard.matchOne(entryMimeType, mimeTypes) :
StringUtil.equalsOne(entryMimeType, mimeTypes);

@@ -162,4 +162,11 @@ public static String[] findExtensionsByMimeTypes(String mimeType, final boolean

return extensions.toArray(new String[0]);
}

/**
* Returns {@code true} if given value is one of the registered MIME extensions.
*/
public static boolean isRegisteredExtension(final String extension) {
return MIME_TYPE_MAP.containsKey(extension);
}
}
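Review bot: The Javadoc on the new `isRegisteredExtension` does not say how the value is matched: `MIME_TYPE_MAP.containsKey(extension)` is an exact, case-sensitive key test, so an upper-case or dot-prefixed value presumably returns `false` even when the type is known. I would extend the comment to `Returns {@code true} if the given value, written without the leading dot and in the case used by the properties file, is a registered extension; {@code null} yields {@code false}.` Nothing visible in this commit calls the method (the route check in `Routes.lookup` compares against the configured list instead), so its intended caller is worth naming in the commit description.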
@@ -38,6 +38,7 @@ abstract class ActionsManagerCfg {
protected Class<? extends PathMacros> pathMacroClass;
protected String[] pathMacroSeparators;
protected boolean strictRoutePaths;
protected String[] pathExtensionsToStrip = new String[]{"htm", "html"};

public ActionsManagerCfg() {
this.detectDuplicatePathsEnabled = true;
@@ -89,4 +90,12 @@ public boolean isStrictRoutePaths() {
public void setStrictRoutePaths(final boolean strictRoutePaths) {
this.strictRoutePaths = strictRoutePaths;
}

public String[] getPathExtensionsToStrip() {
return pathExtensionsToStrip;
}

public void setPathExtensionsToStrip(final String... pathExtensionsToStrip) {
this.pathExtensionsToStrip = pathExtensionsToStrip;
}
}
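Review bot: `setPathExtensionsToStrip(...)` stores the caller's array and `getPathExtensionsToStrip()` hands the same array back, so any code holding either reference can change which extensions the router strips after configuration is finished. A `null` argument is also stored as is and would reach `StringUtil.equalsOne` in `Routes.lookup`; how that call treats a null array is not visible here. I would copy in the setter, `this.pathExtensionsToStrip = Objects.requireNonNull(pathExtensionsToStrip).clone();` (needs `java.util.Objects`), and document the getter's result as read-only. Both new accessors lack Javadoc; one line saying the values are given without the dot and compared exactly would remove the guesswork.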
9 changes: 8 additions & 1 deletion jodd-madvoc/src/main/java/jodd/madvoc/config/Routes.java
@@ -83,12 +83,19 @@ public ActionRuntime lookup(final String method, final String[] pathChunks) {
if (actionsManager.isStrictRoutePaths()) {
return null;
}
// special

// special case
final String lastPath = pathChunks[pathChunks.length - 1];
final int lastNdx = lastPath.lastIndexOf('.');
if (lastNdx == -1) {
return null;
}
final String pathExtension = lastPath.substring(lastNdx + 1);

if (StringUtil.equalsOne(pathExtension, actionsManager.getPathExtensionsToStrip()) == -1) {
return null;
}

pathChunks[pathChunks.length - 1] = lastPath.substring(0, lastNdx);
}
}
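Review bot: The `// special case` comment above the extension handling does not say what the case is, or that the allow-list is what stops arbitrary suffixes from aliasing a route; I would replace it with `// no exact match: retry with an allow-listed extension (see getPathExtensionsToStrip) stripped; any other extension is a miss`. The comparison through `StringUtil.equalsOne` looks exact, so `.HTML` would presumably be rejected, which fails closed but is worth stating in the same comment. Each action remains reachable under its bare path and under every listed extension, so URL-pattern access rules placed in front of the router need to cover those aliases too. The body of `lookup` starts and continues outside the hunk.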