From 2056f528fd95c4dd824bc7e8629398b3a91c4e3c Mon Sep 17 00:00:00 2001
From: johnniang
Date: Fri, 13 Dec 2019 00:28:51 +0800
Subject: [PATCH] Fix vulnerability while deleting backup file
---
 .../java/run/halo/app/service/impl/BackupServiceImpl.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/main/java/run/halo/app/service/impl/BackupServiceImpl.java b/src/main/java/run/halo/app/service/impl/BackupServiceImpl.java
index d95423d3d..d99aa92a5 100644
--- a/src/main/java/run/halo/app/service/impl/BackupServiceImpl.java
+++ b/src/main/java/run/halo/app/service/impl/BackupServiceImpl.java
@@ -214,8 +214,13 @@ public class BackupServiceImpl implements BackupService {
 public void deleteHaloBackup(String fileName) {
 Assert.hasText(fileName, "File name must not be blank");
+ Path backupRootPath = Paths.get(haloProperties.getBackupDir());
+ // Get backup path
- Path backupPath = Paths.get(haloProperties.getBackupDir(), fileName);
+ Path backupPath = backupRootPath.resolve(fileName);
+ // Check directory traversal
+ run.halo.app.utils.FileUtils.checkDirectoryTraversal(backupRootPath, backupPath);
 try {
 // Delete backup file
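Review bot: The containment check in `deleteHaloBackup` is only as strong as `FileUtils.checkDirectoryTraversal`, whose body is not part of this patch, so it is worth confirming that it compares normalized absolute paths; `backupRootPath.resolve(fileName)` keeps `..` segments as they are and returns `fileName` unchanged when it is absolute. If the helper turns out to do a plain prefix comparison, normalizing at the call site would close the gap, for example `Path backupPath = backupRootPath.resolve(fileName).normalize();`, with the root normalized the same way. A name that resolves to the backup root itself (such as `.`) would presumably still pass a prefix check, so also rejecting `backupPath.equals(backupRootPath)` is a cheap extra guard. The method body continues past the end of the hunk and the patch touches this one file only, so a regression test covering these inputs would be a useful follow-up.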