Refine regex pattern for domain path matching

Updated regex pattern to escape only the '/' character while noting potential risks with the wildcard '.' character.
This commit is contained in:
Davi Torres 2026-03-31 11:57:49 -04:00 committed by GitHub
parent 274c5f7482
commit 1a7c6345aa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions

View File

@ -1074,7 +1074,7 @@ public class DomainManagerImpl extends ManagerBase implements DomainManager, Dom
for (Map.Entry<Long, List<String>> entry : idsOfDomainsWithResourcesUsedByDomainToBeMoved.entrySet()) {
DomainVO domainWithResourceUsedByDomainToBeMoved = _domainDao.findById(entry.getKey());
Pattern pattern = Pattern.compile(domainWithResourceUsedByDomainToBeMoved.getPath().replace("/", "\\/").concat(".*"));
Pattern pattern = Pattern.compile(domainWithResourceUsedByDomainToBeMoved.getPath().replace("/", "\\/").concat(".*")); // This only scaped one Regex metacharacter (/). The wildcard `.` is more common and dangerous in my opinion.
Matcher matcher = pattern.matcher(newPathOfDomainToBeMoved);
if (!matcher.matches()) {
domainsOfResourcesInaccessibleToNewParentDomain.put(domainWithResourceUsedByDomainToBeMoved, entry.getValue());