public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-05-14 21:12:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8609 from dataease/pr@dev-v2@fileddesc

Browse Source 
fix: DataEase 未授权漏洞
This commit is contained in:
taojinlong
2024-03-20 16:30:08 +08:00
committed by GitHub
parent a91d516444 49555ab90f
commit 5e80af5fc9
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
View File

@@ -1,6 +1,7 @@
package io.dataease.utils;
import io.dataease.constant.AuthConstant;
import io.dataease.exception.DEException;
import org.apache.commons.lang3.StringUtils;
import org.springframework.core.env.Environment;
@@ -44,6 +45,9 @@ public class WhitelistUtils {
"/");
public static boolean match(String requestURI) {
if (requestURI.contains(";") && !requestURI.contains("?")) {
DEException.throwException("Invalid uri: " + requestURI);
}
if (StringUtils.startsWith(requestURI, getContextPath())) {
requestURI = requestURI.replaceFirst(getContextPath(), "");
}