From 0a610e8178a0a1197e9c6615b58faf67c406d2bc Mon Sep 17 00:00:00 2001
From: erzhongxmu <erzhongxmu@hotmail.com>
Date: Wed, 10 Apr 2024 10:10:26 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=BB=BB=E6=84=8F=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6=E4=B8=8A=E4=BC=A0=E5=92=8C=E4=B8=8B=E8=BD=BD=E6=BC=8F?=
 =?UTF-8?q?=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../web/system/controller/core/SystemController.java             | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java b/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java
index 9cfc9b65..e8a5e8b3 100644
--- a/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java
+++ b/src/main/java/org/jeecgframework/web/system/controller/core/SystemController.java
@@ -1244,6 +1244,7 @@ public class SystemController extends BaseController {
 		try {
 			String localPath=ResourceUtil.getConfigByName("webUploadpath");
 			String imgurl = localPath+File.separator+dbpath;
+			imgurl = imgurl.replace("..", "").replace("../", "");
 			inputStream = new BufferedInputStream(new FileInputStream(imgurl));
 			outputStream = response.getOutputStream();
 			byte[] buf = new byte[1024];