修复任意文件上传和下载漏洞
parent
0a610e8178
commit
4d04625700
|
@ -1195,6 +1195,8 @@ public class SystemController extends BaseController {
|
|||
}else if("1".equals(delFlag)){
|
||||
String path=request.getParameter("path");
|
||||
String delpath=ctxPath+File.separator+path;
|
||||
delpath = delpath.replace("..", "").replace("../", "");
|
||||
|
||||
File fileDelete = new File(delpath);
|
||||
if (!fileDelete.exists() || !fileDelete.isFile()) {
|
||||
msg="警告: " + delpath + "不存在!";
|
||||
|
|
Loading…
Reference in New Issue