Merge pull request #245 from liouxiao/fix-issue-240

fix issue 240: Arbitrary File Deletion vulnerability in task API
lanyulei 2022-08-23 14:21:49 +08:00 committed by GitHub
commit 871aceb422
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -198,7 +198,7 @@ func UpdateTask(c *gin.Context) {
// 删除任务 // 删除任务
func DeleteTask(c *gin.Context) { func DeleteTask(c *gin.Context) {
fullName := c.DefaultQuery("full_name", "") fullName := c.DefaultQuery("full_name", "")
if fullName == "" { if fullName == "" || Strings.Contains(fullName, "/") {
app.Error(c, -1, errors.New("参数不正确请确定参数full_name是否传递"), "") app.Error(c, -1, errors.New("参数不正确请确定参数full_name是否传递"), "")
return return
} }
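Review bot: The new guard `if fullName == "" || Strings.Contains(fullName, "/") {` calls `Strings.Contains`, but the standard package is `strings` (lowercase), so unless the file imports it under a `Strings` alias (not visible here) this line will not compile. The check also rejects only the forward slash, so a bare `..` or a name using `\` on Windows still passes, and whether the deletion stays inside the task directory then depends on code outside this hunk. A stricter guard would be `if fullName == "" || fullName == "." || fullName == ".." || filepath.Base(fullName) != fullName {` (needs `path/filepath`), ideally followed by a check that the cleaned, joined path is still under the task directory before it is removed. The error text still says only that `full_name` was not passed, so a separate message for a rejected name would make the refusal clearer to callers and in logs. DeleteTask's body continues past the end of the hunk, so the actual delete call cannot be reviewed from here.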