diff options
| author | Martin Stockhammer <martin_s@apache.org> | 2019-02-24 14:56:11 +0100 |
|---|---|---|
| committer | Martin Stockhammer <martin_s@apache.org> | 2019-05-03 20:49:42 +0200 |
| commit | 747cc55b248022066f5a8a92c6a6cc71b15ed944 (patch) | |
| tree | 1dd8331af3c73a711ff2de19622e24a256c75334 /archiva-modules | |
| parent | 0102f34cfe622986614e5c30c6730d59ff98d1bd (diff) | |
| download | archiva-747cc55b248022066f5a8a92c6a6cc71b15ed944.tar.gz archiva-747cc55b248022066f5a8a92c6a6cc71b15ed944.zip | |
Adding additional verifications for upload
(cherry picked from commit c5bcbaabedc323e778fe03289cbbfaa35b25e2d8)
Diffstat (limited to 'archiva-modules')
| -rw-r--r-- | archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java index 3a05d8fb9..0e55bdb0c 100644 --- a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java +++ b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/api/DefaultFileUploadService.java @@ -184,21 +184,22 @@ public class DefaultFileUploadService public Boolean deleteFile( String fileName ) throws ArchivaRestServiceException { - Path file = SystemUtils.getJavaIoTmpDir().toPath().resolve( fileName ); + // we make sure, that there are no other path components in the filename: + String checkedFileName = Paths.get(fileName).getFileName().toString(); + Path file = SystemUtils.getJavaIoTmpDir().toPath().resolve( checkedFileName ); log.debug( "delete file:{},exists:{}", file, Files.exists(file) ); boolean removed = getSessionFileMetadatas().remove( new FileMetadata( fileName ) ); // try with full name as ui only know the file name - if ( !removed ) - { - /* unused */ getSessionFileMetadatas().remove( new FileMetadata( file.toString() ) ); - } - try - { - Files.deleteIfExists( file ); - } - catch ( IOException e ) - { - log.error("Could not delete file {}: {}", file, e.getMessage(), e); + if ( !removed ) { + removed = getSessionFileMetadatas().remove(new FileMetadata(file.toString())); + } + if (removed) { + try { + Files.deleteIfExists(file); + return Boolean.TRUE; + } catch (IOException e) { + log.error("Could not delete file {}: {}", file, e.getMessage(), e); + } } return Boolean.FALSE; } |