From e79e865766c9932e1068f914a481e596c6816296 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 31 Mar 2022 13:42:07 +0300
Subject: Spring4Shell workaround
---
src/main/java/com/juick/www/BinderHandler.java | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 src/main/java/com/juick/www/BinderHandler.java
(limited to 'src/main/java/com/juick')
diff --git a/src/main/java/com/juick/www/BinderHandler.java b/src/main/java/com/juick/www/BinderHandler.java
new file mode 100644
index 00000000..c89fc37c
--- /dev/null
+++ b/src/main/java/com/juick/www/BinderHandler.java
@@ -0,0 +1,17 @@
+package com.juick.www;
+
+import org.springframework.core.annotation.Order;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.InitBinder;
+
+@ControllerAdvice
+@Order(10000)
+public class BinderHandler {
+
+ @InitBinder
+ public void setAllowedFields(WebDataBinder dataBinder) {
+ String[] denylist = new String[] { "class.*", "Class.*", "*.class.*", "*.Class.*" };
+ dataBinder.setDisallowedFields(denylist);
+ }
+}
-- cgit v1.2.3
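Review bot: `dataBinder.setDisallowedFields(denylist)` in the new `@InitBinder` method replaces the binder's disallowed-field list rather than extending it, so the mitigation holds only while no other `@InitBinder` sets its own list. As far as I know, controller-local `@InitBinder` methods run after `@ControllerAdvice` ones, so one that calls `setDisallowedFields` would silently drop these patterns; it is worth checking the controllers for that. Nothing in the class says that it is a temporary mitigation, so I would add a comment above the method such as `// Spring4Shell mitigation: blocks binding to class.* properties; remove after upgrading to a fixed Spring Framework release. Any other @InitBinder calling setDisallowedFields must include these patterns.` The method name also says the opposite of what the body does, and something like `public void setDisallowedFields(WebDataBinder dataBinder)` would read correctly.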