From 54722453ee109a1c82cfe199851642a96a8de80c Mon Sep 17 00:00:00 2001
From: SamHsu <wafts-lampoon.4o@icloud.com>
Date: Mon, 23 Jun 2025 01:50:42 -0700
Subject: [PATCH] feat: add validation for chunk parameters in file upload
 function

---
 app/function.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/function.php b/app/function.php
index 08ef5c5..ea3bdac 100644
--- a/app/function.php
+++ b/app/function.php
@@ -1827,6 +1827,10 @@ function chunk($target_name)
     $target_file = APP_ROOT . $config['path'] . 'cache/' . $target_name;
     // 储存分片
     if (!is_dir($temp_dir)) mkdir($temp_dir, 0755, true);
+    // 检查分片参数
+    if (!is_numeric($_REQUEST['chunk']) || !is_numeric($_REQUEST['chunks'])) {
+        die('Invalid input'); // or die('Invalid input');
+    }
     // 移动缓存分片
     move_uploaded_file($_FILES['file']['tmp_name'], $temp_dir . $_REQUEST['chunk']);
     // 合并分片