diff options
author | Vitaly Takmazov | 2022-03-31 13:42:07 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2022-03-31 13:42:07 +0300 |
commit | e79e865766c9932e1068f914a481e596c6816296 (patch) | |
tree | 52b4cbe41cafca5086c5c5dd4826e08721288925 | |
parent | 4b7b19f6c2927f03e7c84d1860c59554217789bc (diff) |
Spring4Shell workaround
-rw-r--r-- | src/main/java/com/juick/www/BinderHandler.java | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/main/java/com/juick/www/BinderHandler.java b/src/main/java/com/juick/www/BinderHandler.java new file mode 100644 index 00000000..c89fc37c --- /dev/null +++ b/src/main/java/com/juick/www/BinderHandler.java @@ -0,0 +1,17 @@ +package com.juick.www; + +import org.springframework.core.annotation.Order; +import org.springframework.web.bind.WebDataBinder; +import org.springframework.web.bind.annotation.ControllerAdvice; +import org.springframework.web.bind.annotation.InitBinder; + +@ControllerAdvice +@Order(10000) +public class BinderHandler { + + @InitBinder + public void setAllowedFields(WebDataBinder dataBinder) { + String[] denylist = new String[] { "class.*", "Class.*", "*.class.*", "*.Class.*" }; + dataBinder.setDisallowedFields(denylist); + } +} |