Skip to content

Commit f5f3f45

Browse files
author
piexlMax(奇淼
committed
feat: 增加文件名和路径合法性检查
1 parent d6ad2f6 commit f5f3f45

File tree

1 file changed

+9
-0
lines changed

1 file changed

+9
-0
lines changed

server/utils/breakpoint_continue.go

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,9 @@ const (
2424
//@return: error, string
2525

2626
func BreakPointContinue(content []byte, fileName string, contentNumber int, contentTotal int, fileMd5 string) (string, error) {
27+
if strings.Contains(fileName, "..") || strings.Contains(fileMd5, "..") {
28+
return "", errors.New("文件名或路径不合法")
29+
}
2730
path := breakpointDir + fileMd5 + "/"
2831
err := os.MkdirAll(path, os.ModePerm)
2932
if err != nil {
@@ -79,6 +82,9 @@ func makeFileContent(content []byte, fileName string, FileDir string, contentNum
7982
//@return: error, string
8083

8184
func MakeFile(fileName string, FileMd5 string) (string, error) {
85+
if strings.Contains(fileName, "..") || strings.Contains(FileMd5, "..") {
86+
return "", errors.New("文件名或路径不合法")
87+
}
8288
rd, err := os.ReadDir(breakpointDir + FileMd5)
8389
if err != nil {
8490
return finishDir + fileName, err
@@ -107,6 +113,9 @@ func MakeFile(fileName string, FileMd5 string) (string, error) {
107113
//@return: error
108114

109115
func RemoveChunk(FileMd5 string) error {
116+
if strings.Contains(FileMd5, "..") {
117+
return errors.New("路径不合法")
118+
}
110119
err := os.RemoveAll(breakpointDir + FileMd5)
111120
return err
112121
}

0 commit comments

Comments
 (0)