From 7e2e8238842c7d158211faafe03f814bffa78a8f Mon Sep 17 00:00:00 2001 From: enahum Date: Wed, 22 Mar 2017 16:24:05 -0300 Subject: PLT-5905 Fix saml certificates (#5803) --- app/saml.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'app/saml.go') diff --git a/app/saml.go b/app/saml.go index 92f0e1f0e..e2bf4ccb2 100644 --- a/app/saml.go +++ b/app/saml.go @@ -12,6 +12,7 @@ import ( "github.com/mattermost/platform/einterfaces" "github.com/mattermost/platform/model" "github.com/mattermost/platform/utils" + "path/filepath" ) func GetSamlMetadata() (string, *model.AppError) { @@ -29,13 +30,19 @@ func GetSamlMetadata() (string, *model.AppError) { } func WriteSamlFile(fileData *multipart.FileHeader) *model.AppError { + filename := filepath.Base(fileData.Filename) + + if filename == "." || filename == string(filepath.Separator) { + return model.NewLocAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, "") + } + file, err := fileData.Open() defer file.Close() if err != nil { return model.NewLocAppError("AddSamlCertificate", "api.admin.add_certificate.open.app_error", nil, err.Error()) } - out, err := os.Create(utils.FindDir("config") + fileData.Filename) + out, err := os.Create(utils.FindDir("config") + filename) if err != nil { return model.NewLocAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error()) } @@ -106,6 +113,12 @@ func AddSamlIdpCertificate(fileData *multipart.FileHeader) *model.AppError { } func RemoveSamlFile(filename string) *model.AppError { + filename = filepath.Base(filename) + + if filename == "." || filename == string(filepath.Separator) { + return model.NewLocAppError("AddSamlCertificate", "api.admin.remove_certificate.delete.app_error", nil, "") + } + if err := os.Remove(utils.FindConfigFile(filename)); err != nil { return model.NewLocAppError("removeCertificate", "api.admin.remove_certificate.delete.app_error", map[string]interface{}{"Filename": filename}, err.Error()) -- cgit v1.2.3-1-g7c22