octoleo/plantuml-server
1
0
Fork 0
mirror of https://github.com/octoleo/plantuml-server.git synced 2025-01-03 05:00:14 +00:00
Code Issues Releases Wiki Activity

Fix security #122

Browse Source
This commit is contained in:
Arnaud Roques 2019-09-26 19:08:48 +02:00
parent aa9172f715
commit 83138142c5
4 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/net/sourceforge/plantuml/servlet/DiagramResponse.java
View File

@ -69,6 +69,12 @@ class DiagramResponse {
map.put(FileFormat.BASE64, "text/plain; charset=x-user-defined");
CONTENT_TYPE = Collections.unmodifiableMap(map);
}
static {
OptionFlags.ALLOW_INCLUDE = false;
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
OptionFlags.ALLOW_INCLUDE = true;
}
}
DiagramResponse(HttpServletResponse r, FileFormat f, HttpServletRequest rq) {
response = r;

7
src/main/java/net/sourceforge/plantuml/servlet/ProxyServlet.java
View File

@ -56,6 +56,13 @@ import javax.net.ssl.SSLPeerUnverifiedException;
@SuppressWarnings("serial")
public class ProxyServlet extends HttpServlet {
static {
OptionFlags.ALLOW_INCLUDE = false;
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
OptionFlags.ALLOW_INCLUDE = true;
}
}
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {

7
src/main/java/net/sourceforge/plantuml/servlet/UmlDiagramService.java
View File

@ -42,6 +42,13 @@ import java.util.regex.Pattern;
@SuppressWarnings("serial")
public abstract class UmlDiagramService extends HttpServlet {
static {
OptionFlags.ALLOW_INCLUDE = false;
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
OptionFlags.ALLOW_INCLUDE = true;
}
}
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {

7
src/main/java/net/sourceforge/plantuml/servlet/utility/UmlExtractor.java
View File

@ -36,6 +36,13 @@ import net.sourceforge.plantuml.code.TranscoderUtil;
*/
public class UmlExtractor {
static {
OptionFlags.ALLOW_INCLUDE = false;
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
OptionFlags.ALLOW_INCLUDE = true;
}
}
/**
* Build the complete UML source from the compressed source extracted from the HTTP URI.
*