EWA

[更新] com.gdxsoft.easyweb.uploader.Upload 的目录限制

2016-05-23

包:com.gdxsoft.easyweb.uploader

类:Upload

方法:init

处理 Upload 类的 _uploadDir 目录时，对“..”和目录长度进行限制

/**
 * Initialises the uploader from the incoming request.
 *
 * Resolves the upload directory for the configured "Upload" item: starts from
 * {@code DEFAULT_UPLOAD_PATH}, then overrides it with the configured "UpPath"
 * value (after parameter substitution) once ".." has been stripped and the
 * length capped at 255. Sets {@code _uploadDir} to {@code null} when the
 * "Upload" configuration is incomplete or when any exception is thrown.
 * Only part of the body is shown here ("..." marks elided code); {@code name},
 * {@code uc} and {@code iv} are defined in the elided parts.
 *
 * @param request the current servlet request
 */
public void init(HttpServletRequest request) {
    ...

    try {
        ...
        // Safe fallback: used whenever no usable UpPath is configured.
        _uploadDir = DEFAULT_UPLOAD_PATH;
        UserXItem uxi = uc.getUserXItems().getItem(name);
        if (uxi.testName("Upload")) {
            _uploadName = uxi.getName();
            if (uxi.getItem("Upload").count() == 0) {
                // Incomplete "Upload" configuration: refuse to initialise.
                System.err.println(_uploadName + "配置项信息不全,请修改配置文件");
                _uploadDir = null;
                return;
            }
            UserXItemValue u = uxi.getItem("Upload").getItem(0);
            if (u.testName("UpPath")) {
                String p = u.getItem("UpPath");
                if (!p.trim().equals("")) {
                    // NOTE(review): after substitution the value may carry
                    // request-derived input — confirm what replaceParameters pulls in.
                    p = iv.replaceParameters(p, false);
                    if (p.indexOf("..") >= 0) { // avoid the risk of ../../../root
                        // Strips the literal ".." sequence and logs the rewrite rather
                        // than rejecting the value. NOTE(review): nothing visible here
                        // checks that the resulting path resolves inside an intended
                        // base directory (e.g. an absolute path is accepted as-is) —
                        // TODO confirm a containment check exists in the elided code.
                        System.err.println(this + "上传路径出现‘..’,被替换(" + p + ")-->");
                        p = p.replace("..", "");
                        System.err.println(p);
                    }
                    if (p.length() > 255) { // avoid an over-long path exceeding the system limit
                        // Length check runs on the already-sanitised value; an over-long
                        // path falls back to the default instead of being truncated.
                        System.err.println(this + "上传路径长度超过255,被替换(" + p + ")-->");
                        p = DEFAULT_UPLOAD_PATH;
                        System.err.println(p);
                    }
                    _uploadDir = p;
                }
            }
            ...
        }
    } catch (Exception e) {
        // Any failure disables uploading (null directory); only the message is
        // logged, so the stack trace is lost.
        System.err.println(e.getMessage());
        _uploadDir = null;
        return;
    }

    ...
}