未验证 提交 4f34be76 编写于 作者: Mr.奇淼('s avatar Mr.奇淼( 提交者: GitHub

Merge pull request #678 from songzhibin97/gva_gormv2_dev

fix:修复可能会绕过删除的漏洞
...@@ -61,6 +61,13 @@ func (autoCodeHistoryService *AutoCodeHistoryService) RollBack(id uint) error { ...@@ -61,6 +61,13 @@ func (autoCodeHistoryService *AutoCodeHistoryService) RollBack(id uint) error {
// 删除文件 // 删除文件
for _, path := range strings.Split(md.AutoCodePath, ";") { for _, path := range strings.Split(md.AutoCodePath, ";") {
// 增加安全判断补丁:
_path, err := filepath.Abs(path)
if err != nil || _path != path {
continue
}
// 迁移 // 迁移
nPath := filepath.Join(global.GVA_CONFIG.AutoCode.Root, nPath := filepath.Join(global.GVA_CONFIG.AutoCode.Root,
"rm_file", time.Now().Format("20060102"), filepath.Base(filepath.Dir(filepath.Dir(path))), filepath.Base(filepath.Dir(path)), filepath.Base(path)) "rm_file", time.Now().Format("20060102"), filepath.Base(filepath.Dir(filepath.Dir(path))), filepath.Base(filepath.Dir(path)), filepath.Base(path))
......
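Review bot: The guard added at the top of the loop only verifies that each entry of `md.AutoCodePath` is already in absolute, cleaned form (`filepath.Abs` returns the cleaned absolute path), so an absolute path outside the generated-code tree still passes and reaches the move logic that follows. If generated files are expected to live under the configured root (presumably `global.GVA_CONFIG.AutoCode.Root`, to be confirmed), add a containment check such as `rel, err := filepath.Rel(global.GVA_CONFIG.AutoCode.Root, path)` followed by `if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) { continue }`. The comparison is also purely lexical, so symlinks are not resolved, and the silent `continue` leaves no trace of a rejected entry; logging the skipped path would make a tampered history record visible to operators. RollBack's body continues outside the hunk, so whether later code re-validates `path` cannot be seen here.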