From 4104dea68e5f4ec86dee9657f746e4fe20b81560 Mon Sep 17 00:00:00 2001
From: weifashi <605403358@qq.com>
Date: Thu, 28 Dec 2023 23:15:22 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=20=E4=BF=AE=E5=A4=8D=E9=AB=98=E5=8D=B1b?=
 =?UTF-8?q?ug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Http/Controllers/IndexController.php | 4 ++++
 app/Module/Base.php | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/IndexController.php b/app/Http/Controllers/IndexController.php
index 1555b55bc..80d9020c4 100755
--- a/app/Http/Controllers/IndexController.php
+++ b/app/Http/Controllers/IndexController.php
@@ -321,6 +321,10 @@ class IndexController extends InvokeController
 $data = parse_url($key);
 $path = Arr::get($data, 'path');
 $file = public_path($path);
+ // 防止 ../ 穿越获取到系统文件
+ if (strpos(realpath($file), public_path()) !== 0) {
+ return abort(404);
+ }
 //
 if (file_exists($file)) {
 parse_str($data['query'], $query);
diff --git a/app/Module/Base.php b/app/Module/Base.php
index 3781ae88d..3780c9c99 100755
--- a/app/Module/Base.php
+++ b/app/Module/Base.php
@@ -2117,7 +2117,7 @@ class Base
 }
 $scaleName = "";
 if ($param['fileName']) {
- $fileName = $param['fileName'];
+ $fileName = basename($param['fileName']);
 } else {
 if ($param['scale'] && is_array($param['scale'])) {
 list($width, $height) = $param['scale'];
@@ -2276,7 +2276,7 @@ class Base
 if ($param['fileName'] === true) {
 $fileName = $file->getClientOriginalName();
 } elseif ($param['fileName']) {
- $fileName = $param['fileName'];
+ $fileName = basename($param['fileName']);
 } else {
 if ($param['scale'] && is_array($param['scale'])) {
 list($width, $height) = $param['scale'];
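Review bot: The new guard in the IndexController hunk compares the canonical `realpath($file)` against the raw `public_path()` by string prefix only, which is both too loose and potentially too strict: a directory whose name merely begins with the public path (a sibling named e.g. `public_old`, constructed example) still satisfies `strpos(...) !== 0`, while if the public directory is reached through a symlink the canonical path of a legitimate file will not start with the uncanonicalised base and every download 404s. Canonicalise both sides and require the separator: `if (strpos(realpath($file), realpath(public_path()) . DIRECTORY_SEPARATOR) !== 0) {`. When `$file` does not exist, `realpath()` returns `false`, which the `!== 0` comparison already rejects in coercive mode, but under `strict_types` that is a `TypeError` rather than a 404, so `$real = realpath($file);` followed by an explicit `$real === false` test is the cleaner form and also documents the intent. The enclosing method starts and ends outside the hunk.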
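Review bot: `basename()` at the changed line of the `@@ -2117` hunk in Base.php, and the identical change in the `@@ -2276` hunk, strips directory components but still returns the special names `.` and `..` unchanged (and an empty string for an empty input), so `$fileName` can end up naming a directory rather than a file; how it is later joined to a path is outside both hunks, so a guard next to each call is worth adding, e.g. `if (in_array($fileName, ['', '.', '..'], true)) { /* fall back to the generated name from the else branch, or reject */ }`. `basename()` is also locale-aware for multibyte names, which matters for user-supplied file names. Since the commit message frames this as a security fix, a one-line comment such as `// keep only the file name so the caller cannot steer the target directory` would tell the next maintainer why the call must stay. The `=== true` branch in the second hunk takes the client-supplied original name, which presumably the upload class has already normalised, but that is not visible here. Both enclosing methods start and end outside their hunks.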