test/html is cause of xss

nazoking
2015-01-30 15:32:53 +09:00
parent da55bf6af3
commit 9ba564c864
5 changed files with 16 additions and 8 deletions


@@ -135,8 +135,9 @@ trait AccountControllerBase extends AccountManagementControllerBase {
get("/:userName/_avatar"){
val userName = params("userName")
getAccountByUserName(userName).flatMap(_.image).map { image =>
contentType = FileUtil.getMimeType(image)
new java.io.File(getUserUploadDir(userName), image)
outputUploadedRawData(
FileUtil.getMimeType(image),
new java.io.File(getUserUploadDir(userName), image))
} getOrElse {
contentType = "image/png"
Thread.currentThread.getContextClassLoader.getResourceAsStream("noimage.png")
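Review bot: The new `outputUploadedRawData(...)` call in the `/:userName/_avatar` route has no comment explaining why the response type is no longer set directly, so a later cleanup could restore `contentType = FileUtil.getMimeType(image)` and, going by the commit title, reintroduce the XSS this commit is meant to close. I would add `// uploaded avatar: serve through outputUploadedRawData so an HTML upload is never rendered in this origin` above the call. The helper's body is not in this hunk, so it is worth confirming whether it also handles other script-capable types that the stored file name can map to (SVG, for example), or else limiting this route to an allow-list of raster image types. The `getOrElse` branch continues past the end of the hunk.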