mirror of
https://github.com/ZLMediaKit/ZLMediaKit.git
synced 2024-11-22 19:00:01 +08:00
修复逻辑判断不严禁XSS攻击,server在windows debug运行时拒绝服务攻击:#2213
This commit is contained in:
parent
4783ac0808
commit
a5c3db4ee1
@ -496,6 +496,10 @@ void HttpFileManager::onAccessPath(Session &sender, Parser &parser, const HttpFi
|
|||||||
auto fullUrl = string(HTTP_SCHEMA) + "://" + parser["Host"] + parser.FullUrl();
|
auto fullUrl = string(HTTP_SCHEMA) + "://" + parser["Host"] + parser.FullUrl();
|
||||||
MediaInfo media_info(fullUrl);
|
MediaInfo media_info(fullUrl);
|
||||||
auto file_path = getFilePath(parser, media_info, sender);
|
auto file_path = getFilePath(parser, media_info, sender);
|
||||||
|
if (file_path.size() == 0) {
|
||||||
|
sendNotFound(cb);
|
||||||
|
return;
|
||||||
|
}
|
||||||
//访问的是文件夹
|
//访问的是文件夹
|
||||||
if (File::is_dir(file_path.data())) {
|
if (File::is_dir(file_path.data())) {
|
||||||
auto indexFile = searchIndexFile(file_path);
|
auto indexFile = searchIndexFile(file_path);
|
||||||
|
Loading…
Reference in New Issue
Block a user