forbiden request when uri contain ..

zengqiao
2021-04-06 10:01:29 +08:00
parent f38ab4a9ce
commit 1059b7376b


@@ -65,8 +65,8 @@ public class LoginServiceImpl implements LoginService {
@Override @Override
public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) { public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) {
String uri = request.getRequestURI(); String uri = request.getRequestURI();
if (uri.contains("./") || uri.contains("///")) { if (uri.contains("..") || uri.contains("./") || uri.contains("///")) {
LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains ../ or ./ or ///||uri={}", uri); LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains .. or ./ or ///||uri={}", uri);
singleSignOn.setRedirectToLoginPage(response); singleSignOn.setRedirectToLoginPage(response);
return false; return false;
} }
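Review bot: The added `uri.contains("..")` test runs on `request.getRequestURI()`, which the Servlet API returns without percent-decoding, so an encoded form of the same sequence (for example `%2e%2e`) is not matched by this guard. If the path matching later in `checkLogin` (outside this hunk) or the container works on the decoded path, the guard and the matcher disagree about what the path is. Consider checking a decoded copy as well, e.g. `String decoded = URLDecoder.decode(uri, StandardCharsets.UTF_8);` and testing both `uri` and `decoded`, treating an `IllegalArgumentException` from malformed escapes as a rejected request. A one-line comment above the `if`, such as `// reject path-traversal and empty-segment forms before the login allow-list is consulted`, would also record why these substrings are refused.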