修复任意文件上传和下载漏洞
parent
ddc500294b
commit
0a610e8178
|
@ -1244,6 +1244,7 @@ public class SystemController extends BaseController {
|
||||||
try {
|
try {
|
||||||
String localPath=ResourceUtil.getConfigByName("webUploadpath");
|
String localPath=ResourceUtil.getConfigByName("webUploadpath");
|
||||||
String imgurl = localPath+File.separator+dbpath;
|
String imgurl = localPath+File.separator+dbpath;
|
||||||
|
imgurl = imgurl.replace("..", "").replace("../", "");
|
||||||
inputStream = new BufferedInputStream(new FileInputStream(imgurl));
|
inputStream = new BufferedInputStream(new FileInputStream(imgurl));
|
||||||
outputStream = response.getOutputStream();
|
outputStream = response.getOutputStream();
|
||||||
byte[] buf = new byte[1024];
|
byte[] buf = new byte[1024];
|
||||||
|
|
Loading…
Reference in New Issue