From c506f723c905fed6995cde26168dce9948599fd4 Mon Sep 17 00:00:00 2001 From: Anton Tananaev Date: Mon, 5 Feb 2024 21:42:08 -0800 Subject: Add unique id validation --- src/main/java/org/traccar/model/Device.java | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/main/java/org/traccar/model') diff --git a/src/main/java/org/traccar/model/Device.java b/src/main/java/org/traccar/model/Device.java index e07815976..a3088a613 100644 --- a/src/main/java/org/traccar/model/Device.java +++ b/src/main/java/org/traccar/model/Device.java @@ -53,6 +53,9 @@ public class Device extends GroupedModel implements Disableable, Schedulable { } public void setUniqueId(String uniqueId) { + if (uniqueId.contains("../") || uniqueId.contains("..\\")) { + throw new IllegalArgumentException("Invalid unique id"); + } this.uniqueId = uniqueId.trim(); } -- cgit v1.2.3