Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-09-08 17:51:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

(Snyk) Fixed finding: "java/PT"

Browse Source
This commit is contained in:
pixeebotstirling[bot] 2025-07-17 16:04:15 +00:00 committed by GitHub
parent fc9551a332
commit 8013e28b80
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
View File

@ -74,9 +74,19 @@ public class WatermarkController {
public ResponseEntity<byte[]> addWatermark(@ModelAttribute AddWatermarkRequest request) public ResponseEntity<byte[]> addWatermark(@ModelAttribute AddWatermarkRequest request)
throws IOException, Exception { throws IOException, Exception {
MultipartFile pdfFile = request.getFileInput(); MultipartFile pdfFile = request.getFileInput();
String pdfFileName = pdfFile.getOriginalFilename();
if (pdfFileName != null && (pdfFileName.contains("..") || pdfFileName.startsWith("/"))) {
throw new SecurityException("Invalid file path in pdfFile");
}
String watermarkType = request.getWatermarkType(); String watermarkType = request.getWatermarkType();
String watermarkText = request.getWatermarkText(); String watermarkText = request.getWatermarkText();
MultipartFile watermarkImage = request.getWatermarkImage(); MultipartFile watermarkImage = request.getWatermarkImage();
if (watermarkImage != null) {
String watermarkImageFileName = watermarkImage.getOriginalFilename();
if (watermarkImageFileName != null && (watermarkImageFileName.contains("..") || watermarkImageFileName.startsWith("/"))) {
throw new SecurityException("Invalid file path in watermarkImage");
}
}
String alphabet = request.getAlphabet(); String alphabet = request.getAlphabet();
float fontSize = request.getFontSize(); float fontSize = request.getFontSize();
float rotation = request.getRotation(); float rotation = request.getRotation();