From 2618bd4bc9c57c5b0dfd85b0048ac1e6646434d9 Mon Sep 17 00:00:00 2001
From: Liouxiao
Date: Mon, 27 Dec 2021 17:02:22 +0800
Subject: [PATCH] fix issue 240: Arbitrary File Deletion vulnerability in task API'
---
 apis/process/task.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apis/process/task.go b/apis/process/task.go
index 3dd3b03..bdc560e 100644
--- a/apis/process/task.go
+++ b/apis/process/task.go
@@ -198,7 +198,7 @@ func UpdateTask(c *gin.Context) {
 // 删除任务
 func DeleteTask(c *gin.Context) {
 fullName := c.DefaultQuery("full_name", "")
- if fullName == "" {
+ if fullName == "" || Strings.Contains(fullName, "/") {
 app.Error(c, -1, errors.New("参数不正确,请确定参数full_name是否传递"), "")
 return
 }
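Review bot: `Strings.Contains` in the new condition is not the standard library spelling; Go's package is `strings`, so unless this file defines or aliases something named `Strings` (the patch touches no import line) the added line will not compile. Beyond that, rejecting only `/` is a narrow denylist: it leaves `\` as a separator on Windows and a bare `..` unhandled, so I would require a plain file name instead, e.g. `if fullName == "" || fullName == "." || fullName == ".." || fullName != filepath.Base(fullName) {` (needs `path/filepath`), or clean the joined path and confirm it still lies under the task directory before deleting. The rest of DeleteTask, including where `fullName` is turned into a path, is outside the hunk, so the exact sink should be confirmed there; UpdateTask and any other handler that accepts `full_name` presumably needs the same validation.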