From b91919258e00d91e74e585cc473bc6aa5ff5b4fb Mon Sep 17 00:00:00 2001
From: whycxzp <perryhsu@163.com>
Date: 星期五, 20 十月 2023 17:26:15 +0800
Subject: [PATCH] 路径遍历缺陷12

---
 src/main/java/com/whyc/service/UserWorkService.java |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/whyc/service/UserWorkService.java b/src/main/java/com/whyc/service/UserWorkService.java
index ec0d57f..7e30a07 100644
--- a/src/main/java/com/whyc/service/UserWorkService.java
+++ b/src/main/java/com/whyc/service/UserWorkService.java
@@ -6,6 +6,7 @@
 import com.whyc.mapper.UserWorkMapper;
 import com.whyc.mapper.WorkAlarmMapper;
 import com.whyc.pojo.UserWork;
+import com.whyc.util.ActionUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.system.ApplicationHome;
 import org.springframework.core.env.Environment;
@@ -153,6 +154,8 @@
 
 
     public Response deleteAlarmFile(String fileNames, int stationId, String afterOrBefore) {
+        //杩囨护鐗规畩瀛楃,閬垮厤璺緞閬嶅巻鏀诲嚮
+        afterOrBefore = ActionUtil.filterFileName(afterOrBefore);
         String names[] = fileNames.split(",");
         String fileDirName = "";
         int configType = Integer.parseInt(environment.getProperty("configFile.type"));

--
Gitblit v1.9.1