B3Partners · JLLeitschuh · Sep 21, 2022
diff --git a/viewer/src/main/java/nl/b3p/viewer/stripes/ComponentResourceActionBean.java b/viewer/src/main/java/nl/b3p/viewer/stripes/ComponentResourceActionBean.java
@@ -56,8 +56,7 @@ public Resolution resource() throws IOException{
             return new ErrorResolution(HttpServletResponse.SC_NOT_FOUND,"Resource not found");
         }
         //check if the file requested is in the path of the component
-        String check = file.getCanonicalPath();
-        if (!check.startsWith(comp.getPath())){
+        if (!file.getCanonicalFile().toPath().startsWith(comp.getPath())){
             return new ErrorResolution(HttpServletResponse.SC_FORBIDDEN,"Not allowed to access file");
         }