symphony/src/main/java/org/b3log/symphony/processor/FileUploadProcessor.java
Line 119 in fee069d
This code is meant to ensure that the path of the file obtained by the getFile() function lies under the UPLOAD_LOCAL_DIR directory, but in fact the check also returns true for files whose path matches the pattern /UPLOAD_LOCAL_DIR*/.
For example, with UPLOAD_LOCAL_DIR = "/home/safe" and a file path of "/home/safe_bak/filename", the check returns true because the file path starts with "/home/safe". This lets a user retrieve files from any directory matching "/home/safe*/".
As shown in the figure:
Use java.nio.files.Path.startsWith() instead of the original comparison; that method compares paths rather than substrings. If String.startsWith() is still used to compare paths, make sure the base path being compared against ends with File.separator, e.g. `String.startsWith(Symphonys.UPLOAD_LOCAL_DIR).getCanonicalPath() + File.separator)`.
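An added example (not the project's code) that puts the flawed string-prefix check beside the two fixes proposed in the report; `UPLOAD_LOCAL_DIR` is hard-coded here as a stand-in for `Symphonys.UPLOAD_LOCAL_DIR`, and the sample paths are constructed:

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class UploadPathCheck {
    // Assumption: stand-in for Symphonys.UPLOAD_LOCAL_DIR.
    static final String UPLOAD_LOCAL_DIR = "/home/safe";

    // Flawed check from the report: a plain string prefix comparison,
    // which also accepts sibling directories such as /home/safe_bak.
    static boolean insideByStringPrefix(String candidate) throws IOException {
        String base = new File(UPLOAD_LOCAL_DIR).getCanonicalPath();
        String target = new File(candidate).getCanonicalPath();
        return target.startsWith(base);
    }

    // Fix 1: java.nio.file.Path.startsWith compares whole path components,
    // so "safe_bak" is not treated as a child of "safe". normalize() folds
    // away ".." segments before the comparison.
    static boolean insideByPathComponents(String candidate) {
        Path base = Paths.get(UPLOAD_LOCAL_DIR).toAbsolutePath().normalize();
        Path target = Paths.get(candidate).toAbsolutePath().normalize();
        return target.startsWith(base);
    }

    // Fix 2: keep String.startsWith but terminate the base with File.separator,
    // so only paths strictly below the directory share the prefix.
    static boolean insideByTerminatedPrefix(String candidate) throws IOException {
        String base = new File(UPLOAD_LOCAL_DIR).getCanonicalPath() + File.separator;
        String target = new File(candidate).getCanonicalPath();
        return target.startsWith(base);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample paths: a legitimate upload, a sibling directory that
        // shares the prefix, and a traversal that resolves into that sibling.
        String[] samples = {
            "/home/safe/avatar.png",
            "/home/safe_bak/secret.txt",
            "/home/safe/../safe_bak/x",
        };
        for (String s : samples) {
            System.out.printf("%-28s prefix=%-5b path=%-5b terminated=%b%n", s,
                insideByStringPrefix(s), insideByPathComponents(s), insideByTerminatedPrefix(s));
        }
    }
}
```

Neither fix resolves symbolic links on its own; when the file already exists, comparing `toRealPath()` results closes that remaining gap.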
Thanks for pointing out the issue; I'll fix it later.
🔒 Defect in the check of the directory a file legitimately belongs to #76
d604a3a
The code has been committed. Could you please check whether it is fixed? Thanks.
Fixed
88250