fix: 修复目录穿越问题

2025-04-19 05:34:52 +00:00 · 2023-04-23 16:59:11 +08:00
parent e082043f99
commit 6aefc107e7
1 changed files with 1 additions and 1 deletions
--- a/src/main/java/im/zhaojun/zfile/module/storage/service/impl/LocalServiceImpl.java
+++ b/src/main/java/im/zhaojun/zfile/module/storage/service/impl/LocalServiceImpl.java
@@ -257,7 +257,7 @@ public class LocalServiceImpl extends AbstractProxyTransferService<LocalParam> {
    private static void checkPathSecurity(String... paths) {
        for (String path : paths) {
            // 路径中不能包含 .. 不然可能会获取到上层文件夹的内容
-            if (StrUtil.containsAny(path, "../", "..\\")) {
+            if (StrUtil.startWith(path, "/..") || StrUtil.containsAny(path, "../", "..\\")) {
                throw new IllegalArgumentException("文件路径存在安全隐患: " + path);
            }
        }