zcy
/
jee_wms
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修复任意文件上传和下载漏洞

master
erzhongxmu 2024-04-10 10:11:00 +08:00
parent 0a610e8178
commit 4d04625700
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java
View File

@ -1195,7 +1195,9 @@ public class SystemController extends BaseController {
}else if("1".equals(delFlag)){ }else if("1".equals(delFlag)){
String path=request.getParameter("path"); String path=request.getParameter("path");
String delpath=ctxPath+File.separator+path; String delpath=ctxPath+File.separator+path;
File fileDelete = new File(delpath); delpath = delpath.replace("..", "").replace("../", "");
File fileDelete = new File(delpath);
if (!fileDelete.exists() || !fileDelete.isFile()) { if (!fileDelete.exists() || !fileDelete.isFile()) {
msg="警告: " + delpath + "不存在!"; msg="警告: " + delpath + "不存在!";
j.setSuccess(true);//不存在前台也给他删除 j.setSuccess(true);//不存在前台也给他删除