http文件服务器修复访问安全漏洞

This commit is contained in:
xiongziliang 2022-06-18 21:44:16 +08:00
parent d5570ad9b3
commit 6291ee704c

View File

@ -465,6 +465,12 @@ static string getFilePath(const Parser &parser,const MediaInfo &media_info, TcpS
path = rootPath;
url = parser.Url();
}
for (auto &ch : url) {
if (ch == '\\') {
//如果url中存在"\"这种目录是Windows样式的需要批量转换为标准的"/"; 防止访问目录权限外的文件
ch = '/';
}
}
auto ret = File::absolutePath(enableVhost ? media_info._vhost + url : url, path);
NoticeCenter::Instance().emitEvent(Broadcast::kBroadcastHttpBeforeAccess, parser, ret, static_cast<SockInfo &>(sender));
return ret;