一点点清洁工作

controllers/HomeController.php

@@ -56,12 +56,10 @@ class HomeController extends Controller
      */
     public function actionIndex($directory = null)
     {
-        //Warning: Security Vulnerability: access via $directory parameter = ../ will display the internal files of the server
         if (Yii::$app->user->isGuest) {
             return $this->redirect(Yii::$app->user->loginUrl);
         }
-        $rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']);
+        $rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id;
-        $userId = Yii::$app->user->id;
 
         if ($directory === '.' || $directory == null) {
             $directory = null;
@@ -71,7 +69,7 @@ class HomeController extends Controller
         } else {
             $parentDirectory = dirname($directory);
         }
-        $directoryContents = $this->getDirectoryContents(join(DIRECTORY_SEPARATOR, [$rootDataDirectory, $userId, $directory ?: '.']));
+        $directoryContents = $this->getDirectoryContents(join(DIRECTORY_SEPARATOR, [$rootDataDirectory, $directory ?: '.']));
         foreach ($directoryContents as $key => $item) {
             $relativePath = $directory ? $directory . '/' . $item : $item;
             $absolutePath = Yii::getAlias('@app') . '/data/' . Yii::$app->user->id . '/' . $relativePath;

web/js/home_script.js

@@ -95,10 +95,6 @@ $(document).on('click', '.batch-zip-btn', function () {
     $('#zipModal').modal('show');
 });
 
-
-
-
-
 $(document).on('click', '.unzip-btn', function () {
     console.log('解压按钮被点击');
     // 在这里添加你的代码