From 9e7450c012c9ab8eb86e8c76b290d833f5451a5b Mon Sep 17 00:00:00 2001
From: zengqiao
Date: Wed, 31 Mar 2021 19:45:18 +0800
Subject: [PATCH] =?UTF-8?q?=E6=8B=92=E7=BB=9D=E5=8C=85=E5=90=AB./=E6=88=96?=
 =?UTF-8?q?/=E8=BF=9E=E7=BB=AD=E8=BF=87=E5=A4=9A=E7=9A=84=E6=8E=A5?=
 =?UTF-8?q?=E5=8F=A3=E8=AF=B7=E6=B1=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../kafka/manager/account/impl/LoginServiceImpl.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java
index b168b754..91af67b3 100644
--- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java
@@ -64,11 +64,13 @@ public class LoginServiceImpl implements LoginService {
 @Override
 public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) {
- String uri = request.getRequestURI().replace("//", "/");
- if (uri.contains("/../") || uri.contains("/./")) {
- LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains /../ or /./||uri={}", uri);
+ String uri = request.getRequestURI();
+ if (uri.contains("./") || uri.contains("///")) {
+ LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains ../ or ./ or ///||uri={}", uri);
+ singleSignOn.setRedirectToLoginPage(response);
 return false;
 }
+ uri = uri.replaceAll("//", "/");
 if (uri.startsWith(ApiPrefix.API_V1_SSO_PREFIX) || uri.startsWith(ApiPrefix.API_V1_THIRD_PART_PREFIX)