fix: 修复高危bug

This commit is contained in:
weifashi 2023-12-28 23:15:22 +08:00
parent 5aded9daa3
commit 4104dea68e
2 changed files with 6 additions and 2 deletions


@ -321,6 +321,10 @@ class IndexController extends InvokeController
$data = parse_url($key); $data = parse_url($key);
$path = Arr::get($data, 'path'); $path = Arr::get($data, 'path');
$file = public_path($path); $file = public_path($path);
// 防止 ../ 穿越获取到系统文件
if (strpos(realpath($file), public_path()) !== 0) {
return abort(404);
}
// //
if (file_exists($file)) { if (file_exists($file)) {
parse_str($data['query'], $query); parse_str($data['query'], $query);
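Review bot: The new guard `if (strpos(realpath($file), public_path()) !== 0)` compares a canonicalised path against a root that is not canonicalised and carries no trailing separator, so it can misfire in both directions: if `public_path()` is reached through a symlink every legitimate file is rejected, and a sibling directory whose name merely starts with the public directory's name (for example `public_old`) is accepted as in-bounds. Resolve the root the same way and compare with the separator appended, making the missing-file case explicit: `$root = rtrim(realpath(public_path()), DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;` `$real = realpath($file);` `if ($real === false || strpos($real, $root) !== 0) {`. Note that the trailing separator also rejects a request for the public directory itself, which the later `file_exists` check would otherwise accept; confirm that serving the directory is not a supported case before adopting it. A comment such as `// realpath() returns false for a missing file; treat that as out of bounds too` would make the explicit false check self-explanatory. The enclosing IndexController method starts and ends outside the hunk.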


@ -2117,7 +2117,7 @@ class Base
} }
$scaleName = ""; $scaleName = "";
if ($param['fileName']) { if ($param['fileName']) {
$fileName = $param['fileName']; $fileName = basename($param['fileName']);
} else { } else {
if ($param['scale'] && is_array($param['scale'])) { if ($param['scale'] && is_array($param['scale'])) {
list($width, $height) = $param['scale']; list($width, $height) = $param['scale'];
@ -2276,7 +2276,7 @@ class Base
if ($param['fileName'] === true) { if ($param['fileName'] === true) {
$fileName = $file->getClientOriginalName(); $fileName = $file->getClientOriginalName();
} elseif ($param['fileName']) { } elseif ($param['fileName']) {
$fileName = $param['fileName']; $fileName = basename($param['fileName']);
} else { } else {
if ($param['scale'] && is_array($param['scale'])) { if ($param['scale'] && is_array($param['scale'])) {
list($width, $height) = $param['scale']; list($width, $height) = $param['scale'];
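Review bot: `basename($param['fileName'])` in the first hunk (and the identical line in the `elseif ($param['fileName'])` branch of the second hunk) strips directory components but does not reject the degenerate results it can still produce: `basename('..')` returns `..`, `basename('.')` returns `.`, and inputs such as `/` yield an empty string. How `$fileName` is later joined into a storage path is outside both hunks, so whether those values are harmful here cannot be confirmed from the diff, but a check immediately after the assignment, `if ($fileName === '' || $fileName === '.' || $fileName === '..') { /* reject or fall back to the generated name */ }`, closes the gap without depending on the caller. basename() is also locale-aware, so a comment `// basename() strips directory components; requires a UTF-8 locale for multibyte names` would record the assumption for the next maintainer. Both enclosing Base methods start and end outside their hunks.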