You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by jl...@apache.org on 2019/09/16 08:20:47 UTC

svn commit: r1866986 - /ofbiz/ofbiz-framework/trunk/framework/webtools/groovyScripts/log/FetchLogs.groovy

Author: jleroux
Date: Mon Sep 16 08:20:46 2019
New Revision: 1866986

URL: http://svn.apache.org/viewvc?rev=1866986&view=rev
Log:
Fixed: Path Traversal in webtools/control/FetchLogs and ViewFile
(OFBIZ-11196)

Fixes a typo which was crashing webtools/control/LogView

Modified:
    ofbiz/ofbiz-framework/trunk/framework/webtools/groovyScripts/log/FetchLogs.groovy

Modified: ofbiz/ofbiz-framework/trunk/framework/webtools/groovyScripts/log/FetchLogs.groovy
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webtools/groovyScripts/log/FetchLogs.groovy?rev=1866986&r1=1866985&r2=1866986&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webtools/groovyScripts/log/FetchLogs.groovy (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webtools/groovyScripts/log/FetchLogs.groovy Mon Sep 16 08:20:46 2019
@@ -42,7 +42,7 @@ for (int i = 0; i < listLogFiles.length;
 }
 context.listLogFileNames = listLogFileNames.sort()
 
-if (parameters.logFileName && logFileName.contains(parameters.logFileName)) {
+if (parameters.logFileName && listLogFileNames.contains(parameters.logFileName)) {
     List logLines = []
     try {
         File logFile = FileUtil.getFile(ofbizLogDir.concat(parameters.logFileName))