Vulnerabilities in the Grails web framework and the TZInfo Ruby module

In the Grails web framework, designed for building web applications following the MVC paradigm in Java, Groovy and other JVM languages, a vulnerability has been identified that allows executing arbitrary code in the context of the web application. The vulnerability is exploited by sending specially crafted requests that give the attacker access to the ClassLoader. The problem is caused by a flaw in the data-binding logic, which is used both when objects are created and when binding is done manually with bindData. The issue is fixed in releases 3.3.15, 4.1.1, 5.1.9 and 5.2.1.

Additionally, a vulnerability can be noted in the Ruby module tzinfo that allows reading the contents of any file, as far as the application's own access rights permit. The vulnerability is caused by the lack of proper checking for special characters in the time zone name passed to the TZInfo::Timezone.get method. The problem affects applications that pass unvalidated external data to TZInfo::Timezone.get. For example, to read the file /tmp/payload, a value such as "foo\n/../../../tmp/payload" could be specified.
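The shape of the example payload, a valid-looking first line followed by a newline and a path, is a useful illustration of why an identifier check must be anchored to the whole string. The Ruby below is an added example, not tzinfo's own code: it contrasts a line-anchored pattern (`^`/`$`, which in Ruby match at line boundaries) with a string-anchored one (`\A`/`\z`), and wraps the strict check in a hypothetical `safe_timezone_lookup` helper that an application would call before handing input to `TZInfo::Timezone.get`. The lookup is injected as a lambda so the file runs without the tzinfo gem installed; the sample inputs are constructed.

```ruby
# Added example: validating a time zone identifier before it reaches
# TZInfo::Timezone.get. Illustrative code, not the tzinfo gem's own.

# A naive check using ^ and $. In Ruby these are LINE anchors, so a value
# containing "\n" can carry a second line past the pattern unchecked.
NAIVE_PATTERN = /^[A-Za-z0-9+\-_]+(\/[A-Za-z0-9+\-_]+)*$/

# A strict check anchored to the whole string with \A and \z.
STRICT_PATTERN = /\A[A-Za-z0-9+\-_]+(\/[A-Za-z0-9+\-_]+)*\z/

def naive_valid?(identifier)
  identifier.is_a?(String) && identifier.match?(NAIVE_PATTERN)
end

# Accept only plain "Region/City"-style identifiers. ".." segments are
# excluded because "." is not in the character class, and \A...\z closes
# the newline gap that the naive pattern leaves open.
def strict_valid?(identifier)
  identifier.is_a?(String) && identifier.match?(STRICT_PATTERN)
end

# Hypothetical wrapper an application would use instead of passing user
# input straight to TZInfo::Timezone.get. The real lookup would be
# ->(id) { TZInfo::Timezone.get(id) }; the default here is a stand-in so
# the example runs offline without the gem.
def safe_timezone_lookup(identifier, lookup: ->(id) { "zone:#{id}" })
  raise ArgumentError, "invalid time zone identifier" unless strict_valid?(identifier)
  lookup.call(identifier)
end

# Constructed inputs: the traversal value quoted in the advisory text,
# some ordinary identifiers, and other malformed values.
SAMPLE_INPUTS = [
  "foo\n/../../../tmp/payload",
  "Europe/Paris",
  "America/Argentina/Buenos_Aires",
  "Etc/GMT+5",
  "../../etc/passwd",
  "",
].freeze

# Returns { input => [naive_result, strict_result] } for each sample, so
# the difference between the two anchorings is visible side by side.
def compare_checks(inputs = SAMPLE_INPUTS)
  inputs.each_with_object({}) do |value, out|
    out[value] = [naive_valid?(value), strict_valid?(value)]
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_checks.each do |value, (naive, strict)|
    puts format("%-34p naive=%-5s strict=%s", value, naive, strict)
  end
end
```

The traversal string passes the naive check because `^foo$` matches the first line on its own, while the strict pattern fails at the embedded newline. Rejecting the input up front is the application-side mitigation the advisory implies; upgrading tzinfo is still the fix for the library itself.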

Source: opennet.ru
