pengjunjie/JeecgBoot
1
0
Fork 1
mirror of https://github.com/jeecgboot/JeecgBoot.git synced 2026-01-01 01:25:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

JeecgBoot 3.1.0 版本发布,基于代码生成器的企业级低代码平台

Browse Source
This commit is contained in:
zhangdaiscott
2022-03-01 22:13:54 +08:00
parent 6f3f2b90c8
commit 4ff43c8212
3 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/CommonController.java
View File

@ -76,7 +76,7 @@ public class CommonController {
String bizPath = request.getParameter("biz");
//LOWCOD-2580 sys/common/upload接口存在任意文件上传漏洞
if(bizPath.contains("../") || bizPath.contains("..\\")){
if (oConvertUtils.isNotEmpty(bizPath) && (bizPath.contains("../") || bizPath.contains("..\\"))) {
throw new JeecgBootException("上传目录bizPath格式非法");
}

2
jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/SysUploadController.java
View File

@ -37,7 +37,7 @@ public class SysUploadController {
String bizPath = request.getParameter("biz");
//LOWCOD-2580 sys/common/upload接口存在任意文件上传漏洞
if(bizPath.contains("../") || bizPath.contains("..\\")){
if (oConvertUtils.isNotEmpty(bizPath) && (bizPath.contains("../") || bizPath.contains("..\\"))) {
throw new JeecgBootException("上传目录bizPath格式非法");
}