Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix Temporary Directory Hijacking or Information Disclosure Vulnerabi…
…lity

fix #332
  • Loading branch information
Paco Avila committed Sep 5, 2022
1 parent e1ee4c0 commit c069e4d
Showing 1 changed file with 3 additions and 8 deletions.
11 changes: 3 additions & 8 deletions src/main/java/com/openkm/util/FileUtils.java
Expand Up @@ -31,6 +31,7 @@
import org.slf4j.LoggerFactory;

import java.io.*;
import java.nio.file.Files;
import java.text.SimpleDateFormat;
import java.util.Collection;
import java.util.Date;
Expand Down Expand Up @@ -66,13 +67,7 @@ public static String getFileExtension(String file) {
* @throws IOException If something fails.
*/
public static File createTempDir() throws IOException {
File tmpFile = File.createTempFile("okm", null);

if (!tmpFile.delete())
throw new IOException();
if (!tmpFile.mkdir())
throw new IOException();
return tmpFile;
return Files.createTempDirectory("okm").toFile();
}

/**
Expand Down Expand Up @@ -229,7 +224,7 @@ public static void copy(File input, File output) throws IOException {
}

/**
* Create "year / month / day" directory structure.
* Create "year / month / day" directory structure.
*/
public static File createDateDir(String parent) {
SimpleDateFormat sdf = new SimpleDateFormat("yyyy" + File.separator + "MM" + File.separator + "dd");
Expand Down

0 comments on commit c069e4d

Please sign in to comment.