Browse Source
Merge pull request #678 from songzhibin97/gva_gormv2_dev
fix:修复可能会绕过删除的漏洞
main
奇淼(piexlmax
3 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
7 additions and
0 deletions
-
server/service/system/sys_autocode_history.go
|
|
|
@ -61,6 +61,13 @@ func (autoCodeHistoryService *AutoCodeHistoryService) RollBack(id uint) error { |
|
|
|
// 删除文件
|
|
|
|
|
|
|
|
for _, path := range strings.Split(md.AutoCodePath, ";") { |
|
|
|
|
|
|
|
// 增加安全判断补丁:
|
|
|
|
_path, err := filepath.Abs(path) |
|
|
|
if err != nil || _path != path { |
|
|
|
continue |
|
|
|
} |
|
|
|
|
|
|
|
// 迁移
|
|
|
|
nPath := filepath.Join(global.GVA_CONFIG.AutoCode.Root, |
|
|
|
"rm_file", time.Now().Format("20060102"), filepath.Base(filepath.Dir(filepath.Dir(path))), filepath.Base(filepath.Dir(path)), filepath.Base(path)) |
|
|
|
|
