From 628450ded3b738f62f68bc2f7cb90804331eb201 Mon Sep 17 00:00:00 2001
From: Pu Zhibing <393733352@qq.com>
Date: 星期二, 18 二月 2025 15:10:59 +0800
Subject: [PATCH] 修复上传文件漏洞

---
 ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/controller/FileController.java | 23 ++++++++++++++++++++++-
 1 files changed, 22 insertions(+), 1 deletions(-)

diff --git a/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/controller/FileController.java b/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/controller/FileController.java
index 9c04233..4f6954b 100644
--- a/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/controller/FileController.java
+++ b/ruoyi-service/ruoyi-account/src/main/java/com/ruoyi/account/controller/FileController.java
@@ -1,17 +1,23 @@
 package com.ruoyi.account.controller;
 
+import com.alibaba.fastjson2.util.UUIDUtils;
 import com.ruoyi.account.config.FileUploadConfig;
 import com.ruoyi.common.core.web.domain.AjaxResult;
+import com.ruoyi.common.security.service.TokenService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
+import javax.annotation.Resource;
 import java.io.File;
 import java.io.IOException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
 
 /**
  * 文件上传控制类
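Review bot: `import com.alibaba.fastjson2.util.UUIDUtils;` is added in this hunk but nothing in the patch references it; the rename in the next hunk uses `java.util.UUID.randomUUID()`. Dropping the unused import keeps a fastjson2 internal utility class out of the controller's dependencies.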
@@ -26,12 +32,22 @@
 
     @Autowired
     private FileUploadConfig fileUploadConfig;
+
+    @Resource
+    private TokenService tokenService;
+
+    @Resource
+    private RedisTemplate redisTemplate;
 
     @ApiOperation(value = "单文件上传", notes = "单文件上传,rename 默认不重命名")
     @PostMapping(value = "upload", headers = "content-type=multipart/form-data")
     public AjaxResult uploadImageMany(@RequestParam(value = "file") MultipartFile mf) throws IOException {
+        Long userId = tokenService.getLoginUserApplet().getUserId();
+        if(null == userId){
+            return AjaxResult.error("请先登录");
+        }
         if (mf.isEmpty()) {
             return AjaxResult.error("请传入文件!");
         }
@@ -44,18 +60,23 @@
         }
         // 获取文件名称
         String filename = mf.getOriginalFilename();
+        if(filename.contains("../")){
+            filename = filename.replaceAll("\\.\\./", "");
+        }
         // 获取文件后缀
-        String ext = filename.substring(filename.lastIndexOf(".") + 1, filename.length());
+        String ext = filename.substring(filename.lastIndexOf(".") + 1);
         // 检查文件类型
         if (!fileUploadConfig.getAllowExt().contains(ext)) {
             return AjaxResult.error("上传文件格式不正确,仅支持" + fileUploadConfig.getAllowExt());
         }
+        filename = UUID.randomUUID() + "." + ext;
         File targetFile = new File(realPath, filename);//目标文件
         //开始从源文件拷贝到目标文件
         //传图片一步到位
         mf.transferTo(targetFile);
         //拼接数据
         String imgstr = fileUploadConfig.getAccessPath() + TimeDir +"/"+ filename;
+        redisTemplate.opsForValue().set("file:" + userId, filename, 1, TimeUnit.HOURS);
         return AjaxResult.success(imgstr);
     }
 
-- 
Gitblit v1.7.1
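Review bot: The extension allowlist is the only check that survives the UUID rename, yet `ext` comes straight from `filename.substring(filename.lastIndexOf(".") + 1)` unvalidated: a name with no dot yields the whole name and a name ending in "." yields an empty string, and if `getAllowExt()` returns a delimited String rather than a collection, `contains(ext)` is a substring test that an empty or one-character `ext` passes (its type is not visible here, so confirm). Reject odd values before the lookup and make the membership test exact, e.g. `if (ext.isEmpty() || !ext.matches("[A-Za-z0-9]+") || !allowed.contains(ext))` where `allowed` is a `Set<String>` built from the configured list. The `../` strip above it is a single pass that ignores backslashes and can leave a `../` behind, but because `filename` is replaced by the UUID before `new File(realPath, filename)` it only affects what `ext` sees; a comment such as `// traversal defence is the UUID rename below; the original name only supplies ext` would stop a later reader from relying on the strip. In the first hunk, `tokenService.getLoginUserApplet()` is dereferenced before the null check on `userId`, so an unauthenticated request presumably throws instead of returning "请先登录" if that method yields null — worth confirming against TokenService. uploadImageMany's body continues between the two hunks.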