aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2022-03-31 13:42:07 +0300
committerGravatar Vitaly Takmazov2022-03-31 13:42:07 +0300
commite79e865766c9932e1068f914a481e596c6816296 (patch)
tree52b4cbe41cafca5086c5c5dd4826e08721288925
parent4b7b19f6c2927f03e7c84d1860c59554217789bc (diff)
Spring4Shell workaround
-rw-r--r--src/main/java/com/juick/www/BinderHandler.java17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/main/java/com/juick/www/BinderHandler.java b/src/main/java/com/juick/www/BinderHandler.java
new file mode 100644
index 00000000..c89fc37c
--- /dev/null
+++ b/src/main/java/com/juick/www/BinderHandler.java
@@ -0,0 +1,17 @@
+package com.juick.www;
+
+import org.springframework.core.annotation.Order;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.InitBinder;
+
+@ControllerAdvice
+@Order(10000)
+public class BinderHandler {
+
+ @InitBinder
+ public void setAllowedFields(WebDataBinder dataBinder) {
+ String[] denylist = new String[] { "class.*", "Class.*", "*.class.*", "*.Class.*" };
+ dataBinder.setDisallowedFields(denylist);
+ }
+}