diff OrthancServer/Plugins/Samples/AdvancedStorage/Plugin.cpp @ 5082:4af5f496a0dd attach-custom-data

fix
author Alain Mazy <am@osimis.io>
date Wed, 14 Sep 2022 17:11:05 +0200
parents c673997507ea
children 79f98ee4f04b
--- a/OrthancServer/Plugins/Samples/AdvancedStorage/Plugin.cpp	Tue Sep 13 11:02:43 2022 +0200
+++ b/OrthancServer/Plugins/Samples/AdvancedStorage/Plugin.cpp	Wed Sep 14 17:11:05 2022 +0200
@@ -289,10 +289,13 @@
   LOG(INFO) << "Advanced Storage - creating attachment \"" << uuid << "\" of type " << static_cast<int>(type) << " (path = " + path.string() + ")";
 
   // check that the final path is not 'above' the root path (this could happen if e.g., a PatientName is ../../../../toto)
-  std::string canonicalPath = fs::canonical(path).string();
-  if (!Orthanc::Toolbox::StartsWith(canonicalPath, rootPath.string()))
+  // fs::canonical() can not be used for that since the file needs to exist
+  // so far, we'll just forbid path containing '..' since they might be suspicious
+  if (path.string().find("..") != std::string::npos)
   {
-    throw Orthanc::OrthancException(Orthanc::ErrorCode_InternalError, std::string("Advanced Storage - final path is above root: '") + canonicalPath + "' - '" + rootPath.string() + "'") ;
+    fs::path legacyPath = rootPath / GetLegacyRelativePath(uuid);
+    LOG(WARNING) << "Advanced Storage - WAS02 - Path is suspicious since it contains '..': '" << path.string() << "' will be stored in '" << legacyPath << "'";
+    path = legacyPath;
   }
 
   // check path length !!!!!, if too long, go back to legacy path and issue a warning
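Review bot: The new guard `path.string().find("..")` is a substring test, not a containment check. It flags harmless values that merely contain two dots (a name such as `Smith..John`), and it no longer verifies that the final path lies under `rootPath`, which the removed `fs::canonical` comparison at least attempted. A path can be normalized without the file existing, so the original intent can be kept: assuming `fs` is boost::filesystem (1.60 or later) or std::filesystem, `weakly_canonical` followed by a component-wise `lexically_relative` test does this. It also avoids the string-prefix weakness of `StartsWith`, where a root of `/data/a` would match `/data/ab`. The enclosing function starts and ends outside this hunk, so how `path` is assembled from tag values is not visible here and should be confirmed.

```cpp
// … unchanged: LOG(INFO) "creating attachment" line …

// Resolve '.' and '..' without requiring the target file to exist, then
// compare against the root component by component (not as a string prefix).
const fs::path normalizedRoot = fs::weakly_canonical(rootPath);
const fs::path normalizedPath = fs::weakly_canonical(path);
const fs::path relativeToRoot = normalizedPath.lexically_relative(normalizedRoot);

// empty => no common root; leading ".." => the path escapes the root
if (relativeToRoot.empty() || *relativeToRoot.begin() == "..")
{
  // … unchanged: fall back to legacyPath and log WAS02 …
}
```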