diff options
author | Anton Tananaev <anton@traccar.org> | 2024-02-05 21:42:08 -0800 |
---|---|---|
committer | Anton Tananaev <anton@traccar.org> | 2024-02-05 21:42:08 -0800 |
commit | c506f723c905fed6995cde26168dce9948599fd4 (patch) | |
tree | 9effc4ac9da31e692fa1cc6ca2badccec88de963 /src/main/java/org | |
parent | 444d54e792418333b98a109490b7eaffc96cdf53 (diff) | |
download | trackermap-server-c506f723c905fed6995cde26168dce9948599fd4.tar.gz trackermap-server-c506f723c905fed6995cde26168dce9948599fd4.tar.bz2 trackermap-server-c506f723c905fed6995cde26168dce9948599fd4.zip |
Add unique id validation
Diffstat (limited to 'src/main/java/org')
-rw-r--r-- | src/main/java/org/traccar/model/Device.java | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/main/java/org/traccar/model/Device.java b/src/main/java/org/traccar/model/Device.java index e07815976..a3088a613 100644 --- a/src/main/java/org/traccar/model/Device.java +++ b/src/main/java/org/traccar/model/Device.java @@ -53,6 +53,9 @@ public class Device extends GroupedModel implements Disableable, Schedulable { } public void setUniqueId(String uniqueId) { + if (uniqueId.contains("../") || uniqueId.contains("..\\")) { + throw new IllegalArgumentException("Invalid unique id"); + } this.uniqueId = uniqueId.trim(); } |