Add unique id validation

author: Anton Tananaev <anton@traccar.org> 2024-02-05 21:42:08 -0800
committer: Anton Tananaev <anton@traccar.org> 2024-02-05 21:42:08 -0800
commit: c506f723c905fed6995cde26168dce9948599fd4 (patch)
tree: 9effc4ac9da31e692fa1cc6ca2badccec88de963
parent: 444d54e792418333b98a109490b7eaffc96cdf53 (diff)
download: trackermap-server-c506f723c905fed6995cde26168dce9948599fd4.tar.gz
trackermap-server-c506f723c905fed6995cde26168dce9948599fd4.tar.bz2
trackermap-server-c506f723c905fed6995cde26168dce9948599fd4.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/main/java/org/traccar/model/Device.java b/src/main/java/org/traccar/model/Device.java
index e07815976..a3088a613 100644
--- a/src/main/java/org/traccar/model/Device.java
+++ b/src/main/java/org/traccar/model/Device.java
@@ -53,6 +53,9 @@ public class Device extends GroupedModel implements Disableable, Schedulable {
     }
 
     public void setUniqueId(String uniqueId) {
+        if (uniqueId.contains("../") || uniqueId.contains("..\\")) {
+            throw new IllegalArgumentException("Invalid unique id");
+        }
         this.uniqueId = uniqueId.trim();
     }
author	Anton Tananaev <anton@traccar.org>	2024-02-05 21:42:08 -0800
committer	Anton Tananaev <anton@traccar.org>	2024-02-05 21:42:08 -0800
commit	c506f723c905fed6995cde26168dce9948599fd4 (patch)
tree	9effc4ac9da31e692fa1cc6ca2badccec88de963
parent	444d54e792418333b98a109490b7eaffc96cdf53 (diff)
download	trackermap-server-c506f723c905fed6995cde26168dce9948599fd4.tar.gz trackermap-server-c506f723c905fed6995cde26168dce9948599fd4.tar.bz2 trackermap-server-c506f723c905fed6995cde26168dce9948599fd4.zip