From 57ff884a07bd97bebedf76cde5a60dd3ebdfa9bf Mon Sep 17 00:00:00 2001
From: whycxzp <perryhsu@163.com>
Date: 星期五, 20 十月 2023 17:26:15 +0800
Subject: [PATCH] 路径遍历缺陷19

---
 src/main/java/com/whyc/controller/FaceController.java |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/whyc/controller/FaceController.java b/src/main/java/com/whyc/controller/FaceController.java
index 004aa61..da1483c 100644
--- a/src/main/java/com/whyc/controller/FaceController.java
+++ b/src/main/java/com/whyc/controller/FaceController.java
@@ -235,6 +235,8 @@
     public Response delete(@RequestParam Integer uId,@RequestParam Integer faceId,
                          @RequestParam String uName,HttpServletRequest request){
 
+        //杩囨护 uName鐨勭壒娈婂瓧绗�,閬垮厤璺緞閬嶅巻鏀诲嚮
+        uName = ActionUtil.filterFileName(uName);
         //鏇存柊user_inf鍜宖ace琛�
         service.update(uId,faceId);
 

--
Gitblit v1.9.1