File tree Expand file tree Collapse file tree 1 file changed +3
-0
lines changed
src/main/java/eu/righettod Expand file tree Collapse file tree 1 file changed +3
-0
lines changed Original file line number Diff line number Diff line change @@ -1176,10 +1176,13 @@ public static boolean isPathSafe(String path) {
11761176 if (path != null && !path .isEmpty ()) {
11771177 //URL decode the path if case of data coming from a web context
11781178 String decodedPath = applyURLDecoding (path , decodingRoundThreshold );
1179+ //Remove any path escaping sequence
1180+ decodedPath = decodedPath .replace ("\\ /" , "/" ).replace ("\\ \\ " , "\\ " );
11791181 //Ensure that no path traversal path is present
11801182 File f = new File (decodedPath );
11811183 String canonicalPath = f .getCanonicalPath ();
11821184 String absolutePath = f .getAbsolutePath ();
1185+ System .out .println ("---" );
11831186 System .out .printf ("IN PATH : %s\n " , path );
11841187 System .out .printf ("DECODED PATH: %s\n " , decodedPath );
11851188 System .out .printf ("CANONICAL PATH: %s\n " , canonicalPath );
You can’t perform that action at this time.
0 commit comments