修复任意文件上传和下载漏洞

master
erzhongxmu 2024-04-10 10:11:00 +08:00
parent 0a610e8178
commit 4d04625700
1 changed files with 3 additions and 1 deletions


@ -1195,7 +1195,9 @@ public class SystemController extends BaseController {
}else if("1".equals(delFlag)){ }else if("1".equals(delFlag)){
String path=request.getParameter("path"); String path=request.getParameter("path");
String delpath=ctxPath+File.separator+path; String delpath=ctxPath+File.separator+path;
File fileDelete = new File(delpath); delpath = delpath.replace("..", "").replace("../", "");
File fileDelete = new File(delpath);
if (!fileDelete.exists() || !fileDelete.isFile()) { if (!fileDelete.exists() || !fileDelete.isFile()) {
msg="警告: " + delpath + "不存在!"; msg="警告: " + delpath + "不存在!";
j.setSuccess(true);//不存在前台也给他删除 j.setSuccess(true);//不存在前台也给他删除
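Review bot: The added `delpath = delpath.replace("..", "").replace("../", "");` scrubs the string instead of checking where the resolved file ends up, so the delete branch still accepts any regular file under `ctxPath` (configuration and application files included) and does not account for symbolic links. The second `replace` can never match, because the first call has already removed every `..`; and since the scrub runs over the whole of `delpath`, it would also rewrite a `ctxPath` that itself contains `..`. A sturdier check resolves first and then compares against the intended base: `File fileDelete = new File(ctxPath, path).getCanonicalFile();` followed by `if (!fileDelete.toPath().startsWith(new File(ctxPath).getCanonicalFile().toPath()))` rejecting the request with `j.setSuccess(false)`, ideally with the base narrowed to the upload directory rather than the whole context root. The `不存在` message also returns the full server-side `delpath` to the caller; echoing only the requested name would avoid disclosing the deployment path. The enclosing method starts and ends outside this hunk, so how `ctxPath` is built and whether `IOException` from `getCanonicalFile()` is already handled are assumptions to confirm.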