You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@james.apache.org by bt...@apache.org on 2022/01/26 07:28:56 UTC

[james-project] 01/03: JAMES-3646 Rely on strong typing for file paths operations

This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch 3.6.x
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit 0974e767b870c8d171061fff5cbd3ecfb95f2533
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Wed Jan 26 14:28:00 2022 +0700

    JAMES-3646 Rely on strong typing for file paths operations
---
 .../src/main/java/org/apache/james/mailbox/maildir/MaildirFolder.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mailbox/maildir/src/main/java/org/apache/james/mailbox/maildir/MaildirFolder.java b/mailbox/maildir/src/main/java/org/apache/james/mailbox/maildir/MaildirFolder.java
index 010c8dc..7217b59 100644
--- a/mailbox/maildir/src/main/java/org/apache/james/mailbox/maildir/MaildirFolder.java
+++ b/mailbox/maildir/src/main/java/org/apache/james/mailbox/maildir/MaildirFolder.java
@@ -28,6 +28,7 @@ import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.PrintWriter;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.LinkedList;
@@ -107,7 +108,7 @@ public class MaildirFolder {
 
     public MaildirFolder validateWithinFolder(File maildirRoot) throws MailboxNotFoundException {
         try {
-            if (!rootFolder.toPath().normalize().startsWith(maildirRoot.toPath().normalize())) {
+            if (!Path.of(rootFolder.getCanonicalPath()).normalize().startsWith(Path.of(maildirRoot.getCanonicalPath()).normalize())) {
                 throw new MailboxNotFoundException(rootFolder.getCanonicalPath() + " jail breaks out of " + maildirRoot.getCanonicalPath());
             }
         } catch (IOException e) {

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org