From 50807a9ee40f53d338ac4b2f339d66b95797fea2 Mon Sep 17 00:00:00 2001
From: "pixeebotstirling[bot]" <221352955+pixeebotstirling[bot]@users.noreply.github.com>
Date: Thu, 17 Jul 2025 16:00:31 +0000
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20(Snyk)=20Fixed=20finding:=20"java/P?= =?UTF-8?q?T"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../SPDF/controller/api/misc/StampController.java | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
index bdf27c519..a784b0f39 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
@@ -42,6 +42,7 @@ import stirling.software.common.service.CustomPDFDocumentFactory;
 import stirling.software.common.util.TempFile;
 import stirling.software.common.util.TempFileManager;
 import stirling.software.common.util.WebResponseUtils;
+import java.lang.IllegalArgumentException;
 
 @RestController
 @RequestMapping("/api/v1/misc")
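Review bot: The added `import java.lang.IllegalArgumentException;` is redundant, because every type in `java.lang` is imported implicitly, and it sits after the `stirling.software.*` group where an import-order or unused-import check (if the build runs one) would flag it. Drop the line; `IllegalArgumentException` resolves without it.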
@@ -62,9 +63,18 @@ public class StampController {
 public ResponseEntity addStamp(@ModelAttribute AddStampRequest request)
 throws IOException, Exception {
 MultipartFile pdfFile = request.getFileInput();
+ String pdfFileName = pdfFile.getOriginalFilename();
+ if (pdfFileName.contains("..") || pdfFileName.startsWith("/")) {
+ throw new IllegalArgumentException("Invalid PDF file path");
+ }
+
 String stampType = request.getStampType();
 String stampText = request.getStampText();
 MultipartFile stampImage = request.getStampImage();
+ String stampImageName = stampImage.getOriginalFilename();
+ if (stampImageName.contains("..") || stampImageName.startsWith("/")) {
+ throw new IllegalArgumentException("Invalid stamp image file path");
+ }
 String alphabet = request.getAlphabet();
 float fontSize = request.getFontSize();
 float rotation = request.getRotation();
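Review bot: `stampImage.getOriginalFilename()` is called unconditionally, so a request without a stamp image (presumably the text-stamp case, given `stampType` and `stampText` beside it) would now fail with a NullPointerException before any stamping happens; `getOriginalFilename()` may itself return null, which affects the `pdfFile` check as well. Both checks should be null-safe and can share one helper, as sketched below. The test is also a denylist on a client-supplied name: it rejects harmless names such as `a..b.pdf`, does not cover `\` separators, and whether the name ever reaches a filesystem path cannot be seen here because `addStamp` continues past the hunk, so reducing the name to its last path segment at the point of use would be sturdier. The IllegalArgumentException probably surfaces as a 500 unless an exception handler outside this hunk maps it to a 400.

```java
// … unchanged: MultipartFile pdfFile = request.getFileInput(); …
rejectPathLikeName(pdfFile, "Invalid PDF file path");
// … unchanged: stampType, stampText …
MultipartFile stampImage = request.getStampImage();
rejectPathLikeName(stampImage, "Invalid stamp image file path");
// … unchanged: alphabet, fontSize, rotation and the rest of addStamp …

/** Rejects an upload whose client-supplied name looks like a path; absent parts and names pass. */
private static void rejectPathLikeName(MultipartFile file, String message) {
    if (file == null) {
        return; // optional part, e.g. no image supplied
    }
    String name = file.getOriginalFilename();
    if (name == null) {
        return; // no client-supplied name to validate
    }
    if (name.contains("..") || name.startsWith("/")) {
        throw new IllegalArgumentException(message);
    }
}
```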