zcy
/
jee_wms
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修复任意文件上传和下载漏洞

master
erzhongxmu 2024-04-10 10:10:26 +08:00
parent ddc500294b
commit 0a610e8178
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java
View File

@ -1244,6 +1244,7 @@ public class SystemController extends BaseController {
try { try {
String localPath=ResourceUtil.getConfigByName("webUploadpath"); String localPath=ResourceUtil.getConfigByName("webUploadpath");
String imgurl = localPath+File.separator+dbpath; String imgurl = localPath+File.separator+dbpath;
imgurl = imgurl.replace("..", "").replace("../", "");
inputStream = new BufferedInputStream(new FileInputStream(imgurl)); inputStream = new BufferedInputStream(new FileInputStream(imgurl));
outputStream = response.getOutputStream(); outputStream = response.getOutputStream();
byte[] buf = new byte[1024]; byte[] buf = new byte[1024];