From bd9af4f9f9f574c1bab6613449ca678a6522d70a Mon Sep 17 00:00:00 2001
From: whycxzp <perryhsu@163.com>
Date: 星期五, 20 十月 2023 17:26:15 +0800
Subject: [PATCH] 路径遍历缺陷18

---
 src/main/java/com/whyc/controller/LicenseController.java |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/whyc/controller/LicenseController.java b/src/main/java/com/whyc/controller/LicenseController.java
index cf234d7..d740366 100644
--- a/src/main/java/com/whyc/controller/LicenseController.java
+++ b/src/main/java/com/whyc/controller/LicenseController.java
@@ -177,6 +177,8 @@
 
     //灏唒ri_key.ksm銆俻ub_key.ksm鏂囦欢鎷疯礉鑷砶sm鏂囦欢涓嬬劧鍚庤鍙杅ileName:/config/pri_key.ksm
     public static String getRealPath(String fileName){
+        //杩囨护鐗规畩瀛楃,閬垮厤璺緞閬嶅巻鏀诲嚮
+        fileName = ActionUtil.filterFileName(fileName);
         ClassPathResource classPathResource = new ClassPathResource("/config/"+fileName);
         InputStream inputStream_pub = null;
         ApplicationHome applicationHome = new ApplicationHome(LicenseController.class);
@@ -200,6 +202,8 @@
         return fileDirName;
     }
     public static void createFile(String pathName) {
+        //杩囨护鐗规畩瀛楃,閬垮厤璺緞閬嶅巻鏀诲嚮
+        pathName = ActionUtil.filterFileName(pathName);
         File dir = new File(pathName);
         if (!dir.exists()) {// 鍒ゆ柇鐩綍鏄惁瀛樺湪
             dir.mkdir();

--
Gitblit v1.9.1