Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)

90762: Merged V4.2-BUG-FIX (4.2.5) to HEAD-BUG-FIX (5.0/Cloud)
      90378: Merged DEV to V4.2-BUG-FIX (4.2.4)
         90372 : MNT-12708 :  "Access to files outside of content store root is not allowed:" error when using symlinks inside the contentstore
            - Use the normalized absolute path to check whether content is within the content store
      90538: MNT-12708 : "Access to files outside of content store root is not allowed:" error when using symlinks inside the contentstore
         - Fix for the test failure


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94705 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Alan Davis
2015-01-31 10:59:25 +00:00
parent 2f6e7c7f77
commit aebd5bf941


@@ -40,6 +40,7 @@ import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.util.Deleter; import org.alfresco.util.Deleter;
import org.alfresco.util.GUID; import org.alfresco.util.GUID;
import org.alfresco.util.Pair; import org.alfresco.util.Pair;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException; import org.springframework.beans.BeansException;
@@ -72,7 +73,6 @@ public class FileContentStore
private File rootDirectory; private File rootDirectory;
private String rootAbsolutePath; private String rootAbsolutePath;
private String rootCanonicalPath;
private boolean allowRandomAccess; private boolean allowRandomAccess;
private boolean readOnly; private boolean readOnly;
private ApplicationContext applicationContext; private ApplicationContext applicationContext;
@@ -109,15 +109,6 @@ public class FileContentStore
rootAbsolutePath = rootDirectory.getAbsolutePath(); rootAbsolutePath = rootDirectory.getAbsolutePath();
allowRandomAccess = true; allowRandomAccess = true;
readOnly = false; readOnly = false;
try
{
rootCanonicalPath = rootDirectory.getCanonicalPath();
}
catch (IOException e)
{
throw new ContentIOException("Failed to get store root canonical path: " + rootDirectory, e);
}
} }
/** /**
@@ -696,17 +687,12 @@ public class FileContentStore
*/ */
private void ensureFileInContentStore(File file) private void ensureFileInContentStore(File file)
{ {
try String fileNormalizedAbsoultePath = FilenameUtils.normalize(file.getAbsolutePath());
String rootNormalizedAbsolutePath = FilenameUtils.normalize(rootAbsolutePath);
if (!fileNormalizedAbsoultePath.startsWith(rootNormalizedAbsolutePath))
{ {
String fileCanonicalPath = file.getCanonicalPath(); throw new ContentIOException("Access to files outside of content store root is not allowed: " + file);
if (!fileCanonicalPath.startsWith(rootCanonicalPath))
{
throw new ContentIOException("Access to files outside of content store root is not allowed: " + file);
}
}
catch (IOException e)
{
throw new ContentIOException("Failed to get file canonical path: " + file, e);
} }
} }
} }
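Review bot: The containment test in `ensureFileInContentStore` is a plain string prefix match on lexically normalized paths, so two cases slip past it. `FilenameUtils.normalize` returns null when `..` segments climb above the filesystem root, so `fileNormalizedAbsoultePath.startsWith(...)` throws a NullPointerException instead of the intended ContentIOException; and a sibling directory whose name merely begins with the root's name (constructed example: root `/data/store`, file `/data/store-old/x`) passes the `startsWith` check. I would guard both with `if (fileNormalizedAbsoultePath == null || !fileNormalizedAbsoultePath.startsWith(rootNormalizedAbsolutePath + File.separator))`, assuming the root path carries no trailing separator. Because normalization no longer resolves symlinks, the method's Javadoc should also state that a link inside the store pointing outside it is now accepted by design, for example `Lexical check only: symbolic links are not resolved.` The local name `fileNormalizedAbsoultePath` is also misspelled.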