Defer permissions check when making LocalSession.

Also use Java7 Paths to get rid of some funky logic.
wizjany
2019-03-11 20:37:35 -04:00
parent a5cec7728d
commit 1c5d3368a0
2 changed files with 14 additions and 15 deletions


@@ -68,6 +68,8 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
@@ -279,19 +281,17 @@ public final class WorldEdit {
}
try {
String filePath = f.getCanonicalPath();
String dirPath = dir.getCanonicalPath();
Path filePath = Paths.get(f.toURI()).normalize();
Path dirPath = Paths.get(dir.toURI()).normalize();
if ((filePath.length() < dirPath.length() || !filePath.substring(0, dirPath.length()).equals(dirPath))
&& !getConfiguration().allowSymlinks) {
throw new FilenameResolutionException(filename,
"Path is outside allowable root");
if (!filePath.startsWith(dirPath)
|| (!getConfiguration().allowSymlinks && !filePath.toRealPath().startsWith(dirPath))) {
throw new FilenameResolutionException(filename, "Path is outside allowable root");
}
return f;
} catch (IOException e) {
throw new FilenameResolutionException(filename,
"Failed to resolve path");
throw new FilenameResolutionException(filename, "Failed to resolve path");
}
}
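Review bot: The symlink check `!filePath.toRealPath().startsWith(dirPath)` compares a fully resolved path against `dirPath`, which is only normalized, and `toRealPath()` throws for a file that does not exist yet. With `allowSymlinks` off, that would appear to reject every file whenever the root itself sits behind a symlink, and to turn a not-yet-created target (a save, for instance) into "Failed to resolve path", which the replaced `getCanonicalPath()` comparison did not do. I would resolve both sides and walk up to the deepest existing ancestor of the target without following links, so a dangling link fails closed, as in the excerpt below; it needs `java.nio.file.Files` and `java.nio.file.LinkOption` imported next to the two the first hunk adds. The method starts above this hunk, so whether `dir` always exists by this point is not visible here.

```java
Path filePath = Paths.get(f.toURI()).normalize();
Path dirPath = Paths.get(dir.toURI()).normalize();
boolean inside = filePath.startsWith(dirPath);
if (inside && !getConfiguration().allowSymlinks) {
    // Check the deepest ancestor that exists, so a target that has not been created yet
    // is still validated; NOFOLLOW_LINKS makes a dangling link count as existing, and
    // toRealPath() then throws on it instead of the walk skipping past it.
    Path existing = filePath;
    while (existing != null && !Files.exists(existing, LinkOption.NOFOLLOW_LINKS)) {
        existing = existing.getParent();
    }
    inside = existing != null && existing.toRealPath().startsWith(dirPath.toRealPath());
}
if (!inside) {
    throw new FilenameResolutionException(filename, "Path is outside allowable root");
}
// … unchanged: return f and the IOException handler …
```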