mirror of
https://github.com/octoleo/plantuml-server.git
synced 2024-06-01 08:00:48 +00:00
Fix security #122
This commit is contained in:
parent
aa9172f715
commit
83138142c5
|
@ -69,6 +69,12 @@ class DiagramResponse {
|
||||||
map.put(FileFormat.BASE64, "text/plain; charset=x-user-defined");
|
map.put(FileFormat.BASE64, "text/plain; charset=x-user-defined");
|
||||||
CONTENT_TYPE = Collections.unmodifiableMap(map);
|
CONTENT_TYPE = Collections.unmodifiableMap(map);
|
||||||
}
|
}
|
||||||
|
static {
|
||||||
|
OptionFlags.ALLOW_INCLUDE = false;
|
||||||
|
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
|
||||||
|
OptionFlags.ALLOW_INCLUDE = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
DiagramResponse(HttpServletResponse r, FileFormat f, HttpServletRequest rq) {
|
DiagramResponse(HttpServletResponse r, FileFormat f, HttpServletRequest rq) {
|
||||||
response = r;
|
response = r;
|
||||||
|
|
|
@ -56,6 +56,13 @@ import javax.net.ssl.SSLPeerUnverifiedException;
|
||||||
@SuppressWarnings("serial")
|
@SuppressWarnings("serial")
|
||||||
public class ProxyServlet extends HttpServlet {
|
public class ProxyServlet extends HttpServlet {
|
||||||
|
|
||||||
|
static {
|
||||||
|
OptionFlags.ALLOW_INCLUDE = false;
|
||||||
|
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
|
||||||
|
OptionFlags.ALLOW_INCLUDE = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
|
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
|
||||||
|
|
||||||
|
|
|
@ -42,6 +42,13 @@ import java.util.regex.Pattern;
|
||||||
@SuppressWarnings("serial")
|
@SuppressWarnings("serial")
|
||||||
public abstract class UmlDiagramService extends HttpServlet {
|
public abstract class UmlDiagramService extends HttpServlet {
|
||||||
|
|
||||||
|
static {
|
||||||
|
OptionFlags.ALLOW_INCLUDE = false;
|
||||||
|
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
|
||||||
|
OptionFlags.ALLOW_INCLUDE = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
|
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
|
||||||
|
|
||||||
|
|
|
@ -36,6 +36,13 @@ import net.sourceforge.plantuml.code.TranscoderUtil;
|
||||||
*/
|
*/
|
||||||
public class UmlExtractor {
|
public class UmlExtractor {
|
||||||
|
|
||||||
|
static {
|
||||||
|
OptionFlags.ALLOW_INCLUDE = false;
|
||||||
|
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
|
||||||
|
OptionFlags.ALLOW_INCLUDE = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Build the complete UML source from the compressed source extracted from the HTTP URI.
|
* Build the complete UML source from the compressed source extracted from the HTTP URI.
|
||||||
*
|
*
|
||||||
|
|
Loading…
Reference in New Issue
Block a user