center/dataease-dm
center/dataease-dm
13
0
Fork 0
forked from github/dataease
Code Pull Requests Activity

fix: DataEase 未授权漏洞

Browse Source
This commit is contained in:
taojinlong 2024-03-20 16:28:36 +08:00
parent ab875b20c0
commit 49555ab90f
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
View File

@ -1,6 +1,7 @@
package io.dataease.utils;
import io.dataease.constant.AuthConstant;
import io.dataease.exception.DEException;
import org.apache.commons.lang3.StringUtils;
import org.springframework.core.env.Environment;
@ -43,6 +44,9 @@ public class WhitelistUtils {
"/");
public static boolean match(String requestURI) {
if (requestURI.contains(";") && !requestURI.contains("?")) {
DEException.throwException("Invalid uri: " + requestURI);
}
if (StringUtils.startsWith(requestURI, getContextPath())) {
requestURI = requestURI.replaceFirst(getContextPath(), "");
}