github
/
halo
mirror of https://github.com/halo-dev/halo
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(security): freemarker SSTI vulnerability. (#1402)

pull/1410/head
Ryan Wang 2021-06-20 16:35:34 +08:00 committed by GitHub
parent e72fe2179a
commit 5539cf12f4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/run/halo/app/listener/freemarker/FreemarkerConfigAwareListener.java
View File

@ -2,6 +2,7 @@ package run.halo.app.listener.freemarker;
import static run.halo.app.model.support.HaloConst.OPTIONS_CACHE_KEY; import static run.halo.app.model.support.HaloConst.OPTIONS_CACHE_KEY;
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration; import freemarker.template.Configuration;
import freemarker.template.TemplateModel; import freemarker.template.TemplateModel;
import freemarker.template.TemplateModelException; import freemarker.template.TemplateModelException;
@ -78,6 +79,7 @@ public class FreemarkerConfigAwareListener {
private void initFreemarkerConfig() throws TemplateModelException { private void initFreemarkerConfig() throws TemplateModelException {
configuration.setSharedVariable("layout", freemarkerLayoutDirectives()); configuration.setSharedVariable("layout", freemarkerLayoutDirectives());
configuration.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
} }
@EventListener @EventListener