diff options
Diffstat (limited to 'src/main/java/org/traccar/api/resource/ServerResource.java')
-rw-r--r-- | src/main/java/org/traccar/api/resource/ServerResource.java | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/src/main/java/org/traccar/api/resource/ServerResource.java b/src/main/java/org/traccar/api/resource/ServerResource.java index 59ef642c8..66ecc74e1 100644 --- a/src/main/java/org/traccar/api/resource/ServerResource.java +++ b/src/main/java/org/traccar/api/resource/ServerResource.java @@ -107,14 +107,14 @@ public class ServerResource extends BaseResource { } @PUT - public Response update(Server entity) throws StorageException { + public Response update(Server server) throws Exception { permissionsService.checkAdmin(getUserId()); - storage.updateObject(entity, new Request( + storage.updateObject(server, new Request( new Columns.Exclude("id"), - new Condition.Equals("id", entity.getId()))); - cacheManager.updateOrInvalidate(true, entity, ObjectOperation.UPDATE); - LogAction.edit(getUserId(), entity); - return Response.ok(entity).build(); + new Condition.Equals("id", server.getId()))); + cacheManager.invalidateObject(true, Server.class, server.getId(), ObjectOperation.UPDATE); + LogAction.edit(getUserId(), server); + return Response.ok(server).build(); } @Path("geocode") @@ -136,11 +136,16 @@ public class ServerResource extends BaseResource { @Path("file/{path}") @POST @Consumes("*/*") - public Response uploadImage(@PathParam("path") String path, File inputFile) throws IOException, StorageException { + public Response uploadFile(@PathParam("path") String path, File inputFile) throws IOException, StorageException { permissionsService.checkAdmin(getUserId()); String root = config.getString(Keys.WEB_OVERRIDE, config.getString(Keys.WEB_PATH)); - var outputPath = Paths.get(root, path); + var rootPath = Paths.get(root).normalize(); + var outputPath = rootPath.resolve(path).normalize(); + if (!outputPath.startsWith(rootPath)) { + return Response.status(Response.Status.BAD_REQUEST).build(); + } + var directoryPath = outputPath.getParent(); if (directoryPath != null) { Files.createDirectories(directoryPath); @@ -152,4 +157,11 @@ public class ServerResource extends BaseResource { return Response.ok().build(); } + @Path("cache") + @GET + public String cache() throws StorageException { + permissionsService.checkAdmin(getUserId()); + return cacheManager.toString(); + } + } |