fix vulnerability
parent
34b74ff308
commit
6f14f00478
|
@ -497,6 +497,7 @@ class AnnouncementsController < ApplicationController
|
|||
end
|
||||
def get_file
|
||||
@url = request.path
|
||||
render :text => "Path not allow",:status => 404 if @url.match(/\/\.\./)
|
||||
begin
|
||||
file = BulletinFile.find(params[:id])
|
||||
if File.basename(file.file.path) != URI.decode(params[:f_name])
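Review bot: The guard `render :text => "Path not allow",:status => 404 if @url.match(/\/\.\./)` in `get_file` does not return, so on a match the action still runs on into the `begin` block and the `BulletinFile.find` lookup; it should exit there, e.g. `return render(:text => "Path not allow", :status => 404) if @url.match(/\/\.\./)`. The page has lost its `+`/`-` markers, so I am inferring from the 6-to-7 line count in the hunk header that this is the added line. The pattern is also tested against `request.path`, which is presumably not percent-decoded, while the comparison below uses `URI.decode(params[:f_name])`, so the two checks look at different forms of the same input. Validating the decoded file name, and building the served path from the stored `file.file.path` rather than from anything in the request, would make the check hold regardless of encoding. The body of `get_file` continues past the end of the hunk, so what happens after the `File.basename` comparison is not visible here.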
|
||||
|
|