mirror of https://github.com/chatopera/cosin.git synced 2025-07-24 08:31:45 +08:00

修复ssrf漏洞

Signed-off-by: Nrtp <niwk.tsui@qq.com>
Nrtp 2022-10-27 21:17:37 +08:00
parent 622c8b7849
commit 1f068377a4


@ -44,6 +44,7 @@ import org.springframework.web.multipart.MultipartFile;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import java.util.regex.Pattern;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@ -100,6 +101,9 @@ public class MediaController extends Handler {
if (StringUtils.isBlank(url)) {
return;
}
if(!Pattern.matches("^https?://.*/.*$", url)) { //只允许http/https协议
return;
}
byte[] data = new byte[1024];
int length = 0;
OutputStream out = response.getOutputStream();
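Review bot: The added `Pattern.matches("^https?://.*/.*$", url)` guard restricts only the scheme, so a URL whose host is loopback, link-local (e.g. a cloud metadata endpoint) or in a private range still passes; if the code after this hunk fetches `url` from the server, as the commit title suggests, the SSRF is narrowed but not closed. I would parse the value with `java.net.URI`, require an http/https scheme and a non-null host, then resolve the host and refuse any-local, loopback, link-local and site-local addresses before any connection is opened, as sketched below. The fetch should also connect to the address that was validated and should not follow redirects automatically, otherwise a redirect or a second DNS lookup can lead back to an internal host; `isSiteLocalAddress()` does not cover IPv6 unique-local ranges, so those need an explicit check or, better, a host allowlist. The method starts and ends outside this hunk, so the fetch code and the `throws` clause (the sketch assumes `IOException` is already declared) are inferred rather than visible.

```java
if (StringUtils.isBlank(url)) {
    return;
}
// … replaces the Pattern.matches scheme check …
final URI target;
try {
    target = new URI(url);
} catch (URISyntaxException e) {
    return;
}
final String scheme = target.getScheme();
if (target.getHost() == null
        || !("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme))) {
    return; // only http/https with an explicit host
}
for (InetAddress addr : InetAddress.getAllByName(target.getHost())) {
    if (addr.isAnyLocalAddress() || addr.isLoopbackAddress()
            || addr.isLinkLocalAddress() || addr.isSiteLocalAddress()) {
        return; // refuse internal destinations
    }
}
// … unchanged: buffer setup and response streaming …
```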