Skip to content
Snippets Groups Projects
Commit ba83d1a3 authored by Makhtar DIAGNE's avatar Makhtar DIAGNE
Browse files

[FIX RABB-808] Fix directory traversal security issue on getLogo

parent 710c9371
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
ui/ui-commons/src/main/java/fr/gouv/vitamui/ui/commons/service/ApplicationService.java
+ 1
1
View file @ ba83d1a3
......@@ -163,7 +163,7 @@ public class ApplicationService extends AbstractCrudService<ApplicationDto> {
}
public String getBase64File(String fileName, String basePath) {
final Path assetFile = Paths.get(basePath, fileName).normalize();
final Path assetFile = Paths.get(basePath, Paths.get(fileName).getFileName().toString());
String base64Asset = null;
try {
base64Asset = DatatypeConverter.printBase64Binary(Files.readAllBytes(assetFile));
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment