chenx221/yii2-netdisk
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

实现文件/文件夹删除功能

Browse Source 
对传入参数存在的安全问题进行检查
This commit is contained in:
Chenx221 2024-02-12 13:02:28 +08:00
parent b4b45b3c6b
commit 69b8c80543
Signed by: chenx221
GPG Key ID: D7A9EC07024C3021
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
controllers/HomeController.php
View File

@ -114,7 +114,7 @@ class HomeController extends Controller
$relativePath = rawurldecode($relativePath);
// 检查相对路径是否只包含允许的字符
if (!preg_match('/^[\w\-.\/\s]+$/u', $relativePath)) {
if (!preg_match('/^[\w\-.\/\s]+$/u', $relativePath) || $relativePath === '.' || $relativePath === '..' || str_contains($relativePath, '../')) {
throw new NotFoundHttpException('Invalid file path.');
}
@ -151,7 +151,7 @@ class HomeController extends Controller
$relativePath = rawurldecode($relativePath);
// 检查相对路径是否只包含允许的字符
if (!preg_match('/^[\w\-.\/\s]+$/u', $relativePath)) {
if (!preg_match('/^[\w\-.\/\s]+$/u', $relativePath) || $relativePath === '.' || $relativePath === '..' || str_contains($relativePath, '../')) {
throw new NotFoundHttpException('Invalid file path.');
}
@ -195,7 +195,7 @@ class HomeController extends Controller
{
$relativePath = Yii::$app->request->post('relativePath');
$relativePath = rawurldecode($relativePath);
if (!preg_match('/^[\w\-.\/\s]+$/u', $relativePath)) {
if (!preg_match('/^[\w\-.\/\s]+$/u', $relativePath) || $relativePath === '.' || $relativePath === '..' || str_contains($relativePath, '../')) {
throw new NotFoundHttpException('Invalid file path.');
}
$absolutePath = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id . '/' . $relativePath;