一点点清洁工作

2024-02-16 11:17:55 +08:00 · 2024-02-16 11:17:55 +08:00 · 7743e2db67
commit 7743e2db67
parent a8902fd449
2 changed files with 2 additions and 8 deletions
--- a/controllers/HomeController.php
+++ b/controllers/HomeController.php
@ -56,12 +56,10 @@ class HomeController extends Controller
     */
    public function actionIndex($directory = null)
    {
-        //Warning: Security Vulnerability: access via $directory parameter = ../ will display the internal files of the server
        if (Yii::$app->user->isGuest) {
            return $this->redirect(Yii::$app->user->loginUrl);
        }
-        $rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']);
-        $userId = Yii::$app->user->id;
+        $rootDataDirectory = Yii::getAlias(Yii::$app->params['dataDirectory']) . '/' . Yii::$app->user->id;

        if ($directory === '.' || $directory == null) {
            $directory = null;
@ -71,7 +69,7 @@ class HomeController extends Controller
        } else {
            $parentDirectory = dirname($directory);
        }
-        $directoryContents = $this->getDirectoryContents(join(DIRECTORY_SEPARATOR, [$rootDataDirectory, $userId, $directory ?: '.']));
+        $directoryContents = $this->getDirectoryContents(join(DIRECTORY_SEPARATOR, [$rootDataDirectory, $directory ?: '.']));
        foreach ($directoryContents as $key => $item) {
            $relativePath = $directory ? $directory . '/' . $item : $item;
            $absolutePath = Yii::getAlias('@app') . '/data/' . Yii::$app->user->id . '/' . $relativePath;
--- a/web/js/home_script.js
+++ b/web/js/home_script.js
@ -95,10 +95,6 @@ $(document).on('click', '.batch-zip-btn', function () {
    $('#zipModal').modal('show');
 });

-
-
-
-
 $(document).on('click', '.unzip-btn', function () {
    console.log('解压按钮被点击');
    // 在这里添加你的代码