Commit 0c516d06 authored by richmidwinter's avatar richmidwinter Committed by daryl herzmann

OF-1021: Admin Console Arbitrary File Upload (#866)

parent ef2ec40a
......@@ -38,6 +38,8 @@ import java.nio.file.attribute.BasicFileAttributes;
import java.nio.file.attribute.FileTime;
import java.util.*;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.jar.JarFile;
import java.util.zip.ZipException;
/**
* Manages plugins.
......@@ -184,17 +186,20 @@ public class PluginManager
try
{
// If pluginFilename is a path instead of a simple file name, we only want the file name
int index = pluginFilename.lastIndexOf( File.separator );
if ( index != -1 )
{
pluginFilename = pluginFilename.substring( index + 1 );
}
pluginFilename = Paths.get(pluginFilename).getFileName().toString();
// Absolute path to the plugin file
Path absolutePath = pluginDirectory.resolve( pluginFilename );
Path partFile = pluginDirectory.resolve( pluginFilename + ".part" );
// Save input stream contents to a temp file
Files.copy( in, partFile, StandardCopyOption.REPLACE_EXISTING );
// Check if zip file, else ZipException caught below.
try (JarFile file = new JarFile(partFile.toFile())) {
} catch (ZipException e) {
Files.deleteIfExists(partFile);
throw e;
};
// Rename temp file to .jar
Files.move( partFile, absolutePath, StandardCopyOption.REPLACE_EXISTING );
// Ask the plugin monitor to update the plugin immediately.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment