🔒 对于文件所在合法目录判断上的缺陷 #76

88250 · Jun 9, 2023 · d604a3a · d604a3a
1 parent fee069d
commit d604a3a
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/main/java/org/b3log/symphony/processor/FileUploadProcessor.java b/src/main/java/org/b3log/symphony/processor/FileUploadProcessor.java
@@ -64,7 +64,7 @@
  *
  * @author <a href="http://88250.b3log.org">Liang Ding</a>
  * @author <a href="http://vanessa.b3log.org">Liyuan Li</a>
- * @version 3.0.0.0, Feb 11, 2020
+ * @version 3.0.1.0, Jun 9, 2023
  * @since 1.4.0
  */
 @Singleton
@@ -116,7 +116,7 @@ public void getFile(final RequestContext context) {
         try {
             if (!FileUtil.isExistingFile(new File(path)) ||
                     !FileUtil.isExistingFolder(new File(Symphonys.UPLOAD_LOCAL_DIR)) ||
-                    !new File(path).getCanonicalPath().startsWith(new File(Symphonys.UPLOAD_LOCAL_DIR).getCanonicalPath())) {
+                    !Path.of(path).normalize().startsWith(Path.of(Symphonys.UPLOAD_LOCAL_DIR).normalize())) {
                 context.sendError(404);
                 return;
             }