Fix vulnerability while deleting backup file

pull/755/head
johnniang 2019-12-13 00:28:51 +08:00
parent d59877a9ce
commit 2056f528fd
1 changed files with 6 additions and 1 deletions


@ -214,8 +214,13 @@ public class BackupServiceImpl implements BackupService {
public void deleteHaloBackup(String fileName) {
Assert.hasText(fileName, "File name must not be blank");
Path backupRootPath = Paths.get(haloProperties.getBackupDir());
// Get backup path
Path backupPath = Paths.get(haloProperties.getBackupDir(), fileName);
Path backupPath = backupRootPath.resolve(fileName);
// Check directory traversal
run.halo.app.utils.FileUtils.checkDirectoryTraversal(backupRootPath, backupPath);
try {
// Delete backup file