llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-09-09 20:52:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: fix upload file security issue (#1063)

Browse Source 
* fix: fix upload file security issue

* fix: fix
This commit is contained in:
q1anx1
2022-08-25 11:34:09 +08:00
committed by GitHub
parent 7b0b426a76
commit 411d76798d
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
object/storage.go
View File

@@ -103,6 +103,11 @@ func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffe
} }
func UploadFileSafe(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffer) (string, string, error) { func UploadFileSafe(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffer) (string, string, error) {
// check fullFilePath is there security issue
if strings.Contains(fullFilePath, "..") {
return "", "", fmt.Errorf("the fullFilePath: %s is not allowed", fullFilePath)
}
var fileUrl string var fileUrl string
var objectKey string var objectKey string
var err error var err error