Skip to content

Commit d677844

Browse files
monkikimonkiki
authored
Merge pull request #335 from openkm/issue/332
Fix Temporary Directory Hijacking or Information Disclosure Vulnerabi…
2 parents e1ee4c0 + c069e4d commit d677844

File tree

1 file changed

+3
-8
lines changed

1 file changed

+3
-8
lines changed

src/main/java/com/openkm/util/FileUtils.java

Lines changed: 3 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@
3131
import org.slf4j.LoggerFactory;
3232

3333
import java.io.*;
34+
import java.nio.file.Files;
3435
import java.text.SimpleDateFormat;
3536
import java.util.Collection;
3637
import java.util.Date;
@@ -66,13 +67,7 @@ public static String getFileExtension(String file) {
6667
* @throws IOException If something fails.
6768
*/
6869
public static File createTempDir() throws IOException {
69-
File tmpFile = File.createTempFile("okm", null);
70-
71-
if (!tmpFile.delete())
72-
throw new IOException();
73-
if (!tmpFile.mkdir())
74-
throw new IOException();
75-
return tmpFile;
70+
return Files.createTempDirectory("okm").toFile();
7671
}
7772

7873
/**
@@ -229,7 +224,7 @@ public static void copy(File input, File output) throws IOException {
229224
}
230225

231226
/**
232-
* Create "year / month / day" directory structure.
227+
* Create "year / month / day" directory structure.
233228
*/
234229
public static File createDateDir(String parent) {
235230
SimpleDateFormat sdf = new SimpleDateFormat("yyyy" + File.separator + "MM" + File.separator + "dd");

0 commit comments

Comments
 (0)