XinanXf/ferry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix issue 240: Arbitrary File Deletion vulnerability in task API'

Browse Source
This commit is contained in:
Liouxiao 2021-12-27 17:02:22 +08:00
parent 9ab37a3b87
commit 2618bd4bc9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apis/process/task.go
View File

@ -198,7 +198,7 @@ func UpdateTask(c *gin.Context) {
// 删除任务
func DeleteTask(c *gin.Context) {
fullName := c.DefaultQuery("full_name", "")
if fullName == "" {
if fullName == "" || Strings.Contains(fullName, "/") {
app.Error(c, -1, errors.New("参数不正确请确定参数full_name是否传递"), "")
return
}