Adding additional verifications for upload
authorMartin Stockhammer <martin_s@apache.org>
Sun, 24 Feb 2019 13:56:11 +0000 (14:56 +0100)
committerMartin Stockhammer <martin_s@apache.org>
Fri, 3 May 2019 18:49:42 +0000 (20:49 +0200)
(cherry picked from commit c5bcbaabedc323e778fe03289cbbfaa35b25e2d8)

archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java

index 3a05d8fb9de2c3f81cde9338ff38033a0cfc31b4..0e55bdb0c3bfe82d02f0679b9ea9f77c261e314e 100644 (file)
@@ -184,21 +184,22 @@ public class DefaultFileUploadService
     public Boolean deleteFile( String fileName )
         throws ArchivaRestServiceException
     {
-        Path file = SystemUtils.getJavaIoTmpDir().toPath().resolve( fileName );
+        // we make sure, that there are no other path components in the filename:
+        String checkedFileName = Paths.get(fileName).getFileName().toString();
+        Path file = SystemUtils.getJavaIoTmpDir().toPath().resolve( checkedFileName );
         log.debug( "delete file:{},exists:{}", file, Files.exists(file) );
         boolean removed = getSessionFileMetadatas().remove( new FileMetadata( fileName ) );
         // try with full name as ui only know the file name
-        if ( !removed )
-        {
-            /* unused */ getSessionFileMetadatas().remove( new FileMetadata( file.toString() ) );
-        }
-        try
-        {
-            Files.deleteIfExists( file );
-        }
-        catch ( IOException e )
-        {
-            log.error("Could not delete file {}: {}", file, e.getMessage(), e);
+        if ( !removed ) {
+            removed = getSessionFileMetadatas().remove(new FileMetadata(file.toString()));
+        }
+        if (removed) {
+            try {
+                Files.deleteIfExists(file);
+                return Boolean.TRUE;
+            } catch (IOException e) {
+                log.error("Could not delete file {}: {}", file, e.getMessage(), e);
+            }
         }
         return Boolean.FALSE;
     }
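Review bot: `Paths.get(fileName).getFileName()` on the first added line returns null for a root-only value such as `/` (so `toString()` throws a NullPointerException) and passes `..` and `.` through unchanged, so taking the basename does not by itself guarantee that `file` is an entry directly inside the temp directory. `Paths.get` also throws the unchecked `InvalidPathException` on malformed input, which would surface as a server error rather than a rejected request. I would handle the null case explicitly and add a containment check after resolving, something like `Path tmp = SystemUtils.getJavaIoTmpDir().toPath(); Path file = tmp.resolve( checkedFileName ).normalize();` followed by `if ( !tmp.equals( file.getParent() ) ) return Boolean.FALSE;`. The first session lookup still uses the raw `fileName`, so whether an entry registered under a name with path components can match and then delete the basename file depends on how the upload side stores its metadata, which is not visible in this hunk. A smaller point: the method returns `Boolean.TRUE` even when `Files.deleteIfExists` reports that nothing was deleted.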