mirror of https://github.com/chatopera/cosin.git synced 2025-06-16 18:30:03 +08:00

Merge pull request #756 from Nrtp/master

修复ssrf漏洞
Hai Liang W 2022-10-28 09:40:38 +08:00 committed by GitHub
commit 046a6748c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -44,6 +44,7 @@ import org.springframework.web.multipart.MultipartFile;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import java.util.regex.Pattern;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@ -100,6 +101,9 @@ public class MediaController extends Handler {
if (StringUtils.isBlank(url)) {
return;
}
if(!Pattern.matches("^https?://.*/.*$", url)) { //只允许http/https协议
return;
}
byte[] data = new byte[1024];
int length = 0;
OutputStream out = response.getOutputStream();
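Review bot: The added `Pattern.matches("^https?://.*/.*$", url)` guard restricts only the scheme, so an http(s) URL whose host is loopback, link-local or on a private range still passes and the SSRF is only partly closed. The guard should parse the URL, resolve the host and reject internal addresses, or better, compare the host against an allow-list of expected media hosts, before any request is made. The fetch itself is outside this hunk; if it follows redirects or resolves the name a second time, the same check has to cover every hop and the address actually connected to. The rejected branch also returns without setting a status, so an explicit 400 plus a log line would make blocked requests visible to operators.

```java
if (StringUtils.isBlank(url)) {
    return;
}
// Validate the destination, not only the scheme.
try {
    final URI target = new URI(url);
    final String scheme = target.getScheme();
    final String host = target.getHost();
    if (host == null
            || !("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme))) {
        return;
    }
    for (InetAddress addr : InetAddress.getAllByName(host)) {
        // isSiteLocalAddress() does not cover IPv6 unique-local (fc00::/7); check that range separately.
        if (addr.isAnyLocalAddress() || addr.isLoopbackAddress()
                || addr.isLinkLocalAddress() || addr.isSiteLocalAddress()) {
            return;
        }
    }
} catch (URISyntaxException | UnknownHostException e) {
    return;
}
// … unchanged: buffer setup and response streaming …
```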