修复任意文件上传和下载漏洞

master
erzhongxmu 2024-04-10 10:10:26 +08:00
parent ddc500294b
commit 0a610e8178
1 changed files with 1 additions and 0 deletions

View File

@ -1244,6 +1244,7 @@ public class SystemController extends BaseController {
try { try {
String localPath=ResourceUtil.getConfigByName("webUploadpath"); String localPath=ResourceUtil.getConfigByName("webUploadpath");
String imgurl = localPath+File.separator+dbpath; String imgurl = localPath+File.separator+dbpath;
imgurl = imgurl.replace("..", "").replace("../", "");
inputStream = new BufferedInputStream(new FileInputStream(imgurl)); inputStream = new BufferedInputStream(new FileInputStream(imgurl));
outputStream = response.getOutputStream(); outputStream = response.getOutputStream();
byte[] buf = new byte[1024]; byte[] buf = new byte[1024];