gitee
/
file-online-preview
mirror of https://gitee.com/kekingcn/file-online-preview
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

修复压缩文件目录穿越漏洞

pull/28/head
陈精华 2021-06-23 12:25:14 +08:00
parent 79341b2c8e
commit 922e1e6ac4
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/src/main/java/cn/keking/service/CompressFileReader.java
View File

@ -55,7 +55,7 @@ public class CompressFileReader {
List<Map<String, ZipArchiveEntry>> entriesToBeExtracted = new LinkedList<>();
while (entries.hasMoreElements()) {
ZipArchiveEntry entry = entries.nextElement();
String fullName = entry.getName();
String fullName = entry.getName().replaceAll("//", "").replaceAll("\\\\", "");
int level = fullName.split(archiveSeparator).length;
// 展示名
String originName = getLastFileName(fullName, archiveSeparator);
@ -151,7 +151,7 @@ public class CompressFileReader {
List<Map<String, SevenZArchiveEntry>> entriesToBeExtracted = new ArrayList<>();
while (newEntries.hasMoreElements()) {
SevenZArchiveEntry entry = newEntries.nextElement();
String fullName = entry.getName();
String fullName = entry.getName().replaceAll("//", "").replaceAll("\\\\", "");
int level = fullName.split(archiveSeparator).length;
// 展示名
String originName = getLastFileName(fullName, archiveSeparator);