Fix security issues
JamsonChan authored and jumperchen committed Apr 22, 2024
1 parent d2ad666 commit db7f86f
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion zk/src/main/java/org/zkoss/zk/ui/http/AbstractExtendlet.java
Expand Up @@ -173,8 +173,11 @@ private InputStream getResourceAsStream(HttpServletRequest request, String path,
//Due to Web server might cache the result, we use URL if possible
try {
URL url = _webctx.getResource(path);
if (url != null)
if (url != null) {
// prevent SSRF warning
url = new URL(url.getProtocol(), url.getHost(), url.getPort(), url.getFile());
return url.openStream();
}
} catch (Throwable ex) {
log.warn("Unable to read from URL: " + path, ex);
}
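Review bot: The rebuilt URL on the `url = new URL(url.getProtocol(), url.getHost(), url.getPort(), url.getFile());` line carries the same protocol, host, port and file as the one returned by `_webctx.getResource(path)`, so nothing is validated or restricted before `url.openStream()`; as the added comment says, it addresses the SSRF warning rather than the request target. If `path` can be influenced by the request, check it at this point, for example by accepting only the protocols the web context is expected to return, or document why the result of `getResource` is trusted. Also note that the four-argument constructor resolves the stream handler by protocol name, so a container-specific URL whose handler is not registered globally will throw `MalformedURLException`, which `catch (Throwable ex)` turns into a logged warning where the previous code would have opened the stream.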