add security features + java property support

- set `ALLOW_PLANTUML_INCLUDE` only once, centralized inside the `DiagramResponse` class, and call this init method after initializing the server
- set `PLANTUML_SECURITY_PROFILE` to `INTERNET` by default (BREAKING CHANGES)
- add the possibility to set PlantUML system properties via a file with `PLANTUML_PROPERTY_FILE`
- adjust documentation
- add "Breaking changes" hint to README
HeinrichAD
2023-06-10 18:34:27 +02:00
committed by PlantUML
parent 5fa6cbc82f
commit 09a7ce4973
7 changed files with 88 additions and 54 deletions


@@ -41,7 +41,6 @@ import jakarta.servlet.http.HttpServletResponse;
import net.sourceforge.plantuml.BlockUml;
import net.sourceforge.plantuml.FileFormat;
import net.sourceforge.plantuml.OptionFlags;
import net.sourceforge.plantuml.SourceStringReader;
import net.sourceforge.plantuml.core.Diagram;
import net.sourceforge.plantuml.core.UmlSource;
@@ -54,13 +53,6 @@ import net.sourceforge.plantuml.core.UmlSource;
@SuppressWarnings("SERIAL")
public class ProxyServlet extends HttpServlet {
static {
OptionFlags.ALLOW_INCLUDE = false;
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
OptionFlags.ALLOW_INCLUDE = true;
}
}
public static boolean forbiddenURL(String full) {
if (full == null) {
return true;
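Review bot: With the static initializer apparently removed from `ProxyServlet` (the hunk counts and the dropped `OptionFlags` import point that way), nothing in this class forces `OptionFlags.ALLOW_INCLUDE` to `false` any more. The fail-closed default now depends on the `DiagramResponse` init mentioned in the commit message having run before the first request, and that call is not visible in this section. If the servlet is ever loaded on a path that skips that init (a different deployment descriptor, or a unit test constructing the servlet directly), the flag keeps whatever default the PlantUML library ships with. I would leave a comment where the block was, e.g. `// ALLOW_INCLUDE is configured once by DiagramResponse at server start; this servlet does not set it`, and add a startup test asserting the flag is `false` when `ALLOW_PLANTUML_INCLUDE` is unset. `forbiddenURL` continues outside the hunk.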