From 7743e2db67caf62b7a5ab8c85b73a2719d159d2b Mon Sep 17 00:00:00 2001
From: Chenx221
Date: Fri, 16 Feb 2024 11:17:55 +0800
Subject: [PATCH] =?UTF-8?q?=E4=B8=80=E7=82=B9=E7=82=B9=E6=B8=85=E6=B4=81?= =?UTF-8?q?=E5=B7=A5=E4=BD=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 controllers/HomeController.php | 6 ++----
 web/js/home_script.js | 4 ----
 2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/controllers/HomeController.php b/controllers/HomeController.php
index e36d44c..8848ba8 100644
--- a/controllers/HomeController.php
+++ b/controllers/HomeController.php
@@ -56,12 +56,10 @@ class HomeController extends Controller
 */
 public function actionIndex($directory = null)
 {
- //Warning: Security Vulnerability: access via $directory parameter = ../ will display the internal files of the server
 if (Yii::$app->user->isGuest) {
 return $this->redirect(Yii::$app->user->loginUrl);
 }
- $rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']);
- $userId = Yii::$app->user->id;
+ $rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id;
 if ($directory === '.' || $directory == null) {
 $directory = null;
@@ -71,7 +69,7 @@ class HomeController extends Controller
 } else {
 $parentDirectory = dirname($directory);
 }
- $directoryContents = $this->getDirectoryContents(join(DIRECTORY_SEPARATOR, [$rootDataDirectory, $userId, $directory ?: '.']));
+ $directoryContents = $this->getDirectoryContents(join(DIRECTORY_SEPARATOR, [$rootDataDirectory, $directory ?: '.']));
 foreach ($directoryContents as $key => $item) {
 $relativePath = $directory ? $directory . '/' . $item : $item;
 $absolutePath = Yii::getAlias('@app') . '/data/' . Yii::$app->user->id . '/' . $relativePath;
diff --git a/web/js/home_script.js b/web/js/home_script.js
index 112c453..6b47ce0 100644
--- a/web/js/home_script.js
+++ b/web/js/home_script.js
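Review bot: The traversal described by the removed `//Warning` comment still appears to be open in the new code. `$directory` goes from the request into `join(DIRECTORY_SEPARATOR, [$rootDataDirectory, $directory ?: '.'])` in the second hunk, so a value containing `../` resolves outside the per-user root unless the lines between the two hunks (not visible here) reject it. Folding the user id into `$rootDataDirectory` does not change that. Either keep the warning until a check exists, or resolve the path and confirm it stays under the user's root before calling `getDirectoryContents()`, as sketched below. The body of `actionIndex` starts before the first hunk and continues past the second.

```php
$rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id;
// … unchanged: $directory / $parentDirectory normalisation …
$userRoot = realpath($rootDataDirectory);
$targetDirectory = realpath(join(DIRECTORY_SEPARATOR, [$rootDataDirectory, $directory ?: '.']));
// realpath() collapses any ".." segments and symlinks, so the prefix test
// below compares canonical paths rather than the raw request value.
if ($userRoot === false
    || $targetDirectory === false
    || ($targetDirectory !== $userRoot
        && strpos($targetDirectory, $userRoot . DIRECTORY_SEPARATOR) !== 0)
) {
    throw new \yii\web\NotFoundHttpException('Directory not found.');
}
$directoryContents = $this->getDirectoryContents($targetDirectory);
```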
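Review bot: `$absolutePath`, two lines below the changed call in the second hunk, still rebuilds the user directory from a hard-coded `Yii::getAlias('@app') . '/data/'`, while the listing now comes from `$rootDataDirectory`, which is derived from `params['dataDirectory']`. If that parameter ever points somewhere other than `@app/data`, the per-item path would refer to a different tree than the one that was listed. Reusing the variable keeps the two in step: `$absolutePath = $rootDataDirectory . '/' . $relativePath;`. The `foreach` body continues past the end of the hunk.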
@@ -95,10 +95,6 @@ $(document).on('click', '.batch-zip-btn', function () {
 $('#zipModal').modal('show');
 });
-
-
-
-
 $(document).on('click', '.unzip-btn', function () {
 console.log('解压按钮被点击');
 // 在这里添加你的代码