MALIO-DEV/PlantUmlServer
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add security features + java property support

Browse Source 
- set `ALLOW_PLANTUML_INCLUDE` only once and decentralized inside the `DiagramResponse` class and call this init method after initializing the server
- set `PLANTUML_SECURITY_PROFILE` to `INTERNET` by default (BREAKING CHANGES)
- add possibility to set PlantUML system properties over a file with `PLANTUML_PROPERTY_FILE`
- adjust documentation
- add "Breaking changes" hint to README
This commit is contained in:
HeinrichAD
2023-06-10 18:34:27 +02:00
committed by PlantUML
parent 5fa6cbc82f
commit 09a7ce4973
7 changed files with 88 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/java/net/sourceforge/plantuml/servlet/UmlDiagramService.java
View File

@@ -34,7 +34,6 @@ import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import net.sourceforge.plantuml.FileFormat;
import net.sourceforge.plantuml.OptionFlags;
import net.sourceforge.plantuml.servlet.utility.UmlExtractor;
import net.sourceforge.plantuml.servlet.utility.UrlDataExtractor;
@@ -44,13 +43,6 @@ import net.sourceforge.plantuml.servlet.utility.UrlDataExtractor;
@SuppressWarnings("SERIAL")
public abstract class UmlDiagramService extends HttpServlet {
static {
OptionFlags.ALLOW_INCLUDE = false;
if ("true".equalsIgnoreCase(System.getenv("ALLOW_PLANTUML_INCLUDE"))) {
OptionFlags.ALLOW_INCLUDE = true;
}
}
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
final String url = request.getRequestURI();