github/cosin
1
0
Fork 0
mirror of https://github.com/chatopera/cosin.git synced 2025-06-16 18:30:03 +08:00
Code Issues Releases Wiki Activity

fix 任意文件读取

Browse Source 
Signed-off-by: fntr <2292534337@qq.com>
This commit is contained in:
fntr 2024-03-22 22:40:01 +08:00
parent 5a92f2776f
commit db8f2c1d35
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
contact-center/app/src/main/java/com/cskefu/cc/controller/resource/MediaController.java
View File

@ -166,7 +166,7 @@ public class MediaController extends Handler {
@RequestMapping("/template")
@Menu(type = "resouce", subtype = "template")
public void template(HttpServletResponse response, HttpServletRequest request, @Valid String filename) throws IOException {
if (StringUtils.isNotBlank(filename)) {
if (StringUtils.isNotBlank(filename) && !(filename.contains("../") || filename.contains("..\\"))) {
InputStream is = MediaController.class.getClassLoader().getResourceAsStream(TEMPLATE_DATA_PATH + filename);
if (is != null) {
response.setContentType("text/plain");