amass/ZLMediaKit
1
0
Fork 0
mirror of https://github.com/ZLMediaKit/ZLMediaKit.git synced 2024-11-23 03:10:04 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

http文件服务器修复访问安全漏洞

Browse Source
This commit is contained in:
xiongziliang 2022-06-18 21:44:16 +08:00
parent d5570ad9b3
commit 6291ee704c
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Http/HttpFileManager.cpp
View File

@ -465,6 +465,12 @@ static string getFilePath(const Parser &parser,const MediaInfo &media_info, TcpS
path = rootPath; path = rootPath;
url = parser.Url(); url = parser.Url();
} }
for (auto &ch : url) {
if (ch == '\\') {
//如果url中存在"\"这种目录是Windows样式的需要批量转换为标准的"/"; 防止访问目录权限外的文件
ch = '/';
}
}
auto ret = File::absolutePath(enableVhost ? media_info._vhost + url : url, path); auto ret = File::absolutePath(enableVhost ? media_info._vhost + url : url, path);
NoticeCenter::Instance().emitEvent(Broadcast::kBroadcastHttpBeforeAccess, parser, ret, static_cast<SockInfo &>(sender)); NoticeCenter::Instance().emitEvent(Broadcast::kBroadcastHttpBeforeAccess, parser, ret, static_cast<SockInfo &>(sender));
return ret; return ret;