From 59cb3c0b072a3ee88db1b12446f8d2f57866ae2b Mon Sep 17 00:00:00 2001
From: tjlygdx
Date: Wed, 10 Jun 2026 10:55:29 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E8=B7=AF=E5=BE=84?= =?UTF-8?q?=E7=A9=BF=E8=B6=8A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../manage/ExportCenterManage.java | 18 ++++++++--
 .../java/io/dataease/utils/FileUtils.java | 36 ++++++++++++-------
 2 files changed, 40 insertions(+), 14 deletions(-)
diff --git a/core/core-backend/src/main/java/io/dataease/exportCenter/manage/ExportCenterManage.java b/core/core-backend/src/main/java/io/dataease/exportCenter/manage/ExportCenterManage.java
index 4d1b8b335d..4b6805e14b 100644
--- a/core/core-backend/src/main/java/io/dataease/exportCenter/manage/ExportCenterManage.java
+++ b/core/core-backend/src/main/java/io/dataease/exportCenter/manage/ExportCenterManage.java
@@ -52,6 +52,8 @@ import io.dataease.api.permissions.user.vo.UserFormVO;
 import java.lang.reflect.Method;
 import java.net.InetAddress;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.*;
 import java.util.concurrent.Future;
@@ -136,7 +138,7 @@ public class ExportCenterManage implements BaseExportApi {
 exportTask.setExportMachineName(hostName());
 exportTask.setExportTime(System.currentTimeMillis());
 exportTaskMapper.updateById(exportTask);
- FileUtils.deleteDirectoryRecursively(exportData_path + id);
+ FileUtils.deleteDirectoryRecursively(resolveExportTaskDirectory(id));
 if (exportTask.getExportFromType().equalsIgnoreCase("chart")) {
 ChartExcelRequest request = JsonUtil.parseObject(exportTask.getParams(), ChartExcelRequest.class);
 exportCenterDownLoadManage.startViewTask(exportTask, request);
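Review bot: `resolveExportTaskDirectory(id)` is evaluated only after `exportTaskMapper.updateById(exportTask)` in the hunk at -136, so when it rejects the id the task row has already been rewritten with a new machine name and export time. The same ordering appears in the hunk at -375, where the `iterator.remove()` loop runs before the check. Resolving the path first, e.g. `Path taskDir = resolveExportTaskDirectory(id);` at the top of each method and passing `taskDir` to `FileUtils.deleteDirectoryRecursively`, keeps a rejected request free of side effects. The enclosing method starts outside this hunk, so an earlier lookup by id may already make the failing case unreachable.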
@@ -375,10 +377,22 @@ public class ExportCenterManage implements BaseExportApi {
 iterator.remove();
 }
 }
- FileUtils.deleteDirectoryRecursively(exportData_path + id);
+ FileUtils.deleteDirectoryRecursively(resolveExportTaskDirectory(id));
 exportTaskMapper.deleteById(id);
 }
+ private Path resolveExportTaskDirectory(String taskId) {
+ if (StringUtils.isBlank(taskId) || !StringUtils.isNumeric(taskId)) {
+ DEException.throwException("任务不存在");
+ }
+ Path exportBasePath = Paths.get(exportData_path).toAbsolutePath().normalize();
+ Path exportTaskPath = exportBasePath.resolve(taskId).normalize();
+ if (!exportTaskPath.startsWith(exportBasePath)) {
+ DEException.throwException("Invalid export task path");
+ }
+ return exportTaskPath;
+ }
+
 public CoreExportTask validateDownloadTask(String id, String ticket) {
 if (StringUtils.isBlank(ticket)) {
 DEException.throwException(Translator.get("i18n_download_link_invalid"));
diff --git a/sdk/common/src/main/java/io/dataease/utils/FileUtils.java b/sdk/common/src/main/java/io/dataease/utils/FileUtils.java
index 4039b8cb83..5692cc9822 100644
--- a/sdk/common/src/main/java/io/dataease/utils/FileUtils.java
+++ b/sdk/common/src/main/java/io/dataease/utils/FileUtils.java
@@ -10,7 +10,9 @@ import org.springframework.web.multipart.MultipartFile;
 import java.io.*;
 import java.nio.channels.FileChannel;
 import java.nio.file.Files;
+import java.nio.file.LinkOption;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.Arrays;
 import java.util.List;
 import java.util.stream.Collectors;
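Review bot: In `resolveExportTaskDirectory` (ExportCenterManage.java) the two rejection messages are hard-coded, one in Chinese (`"任务不存在"`) and one in English, while the context line just below uses `Translator.get("i18n_download_link_invalid")`; both should go through `Translator.get(...)` with an existing or new key. It is the `StringUtils.isNumeric` test that blocks traversal here: `normalize()` is lexical only and does not resolve symbolic links, so the `startsWith` check is a second layer, not link protection. A Javadoc on the helper stating that the id must be all digits and that the returned path is lexically confined to `exportData_path` would keep a later loosening of the id check from reopening the issue. Any other place that still builds `exportData_path + id` (none is visible in this diff) should use the helper too.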
@@ -294,21 +296,31 @@ public class FileUtils {
 public static boolean deleteDirectoryRecursively(String directoryPath) {
- File directory = new File(directoryPath);
- if (!directory.exists()) {
+ Assert.hasText(directoryPath, "Directory path must not be blank");
+ return deleteDirectoryRecursively(Paths.get(directoryPath));
+ }
+
+ public static boolean deleteDirectoryRecursively(Path directory) {
+ Assert.notNull(directory, "Directory path must not be null");
+ Path normalizedDirectory = directory.toAbsolutePath().normalize();
+ if (Files.notExists(normalizedDirectory, LinkOption.NOFOLLOW_LINKS)) {
 return true;
 }
-
- File[] files = directory.listFiles();
- if (files != null) {
- for (File file : files) {
- if (file.isDirectory()) {
- deleteDirectoryRecursively(file.getAbsolutePath());
- } else {
- boolean deletionSuccess = file.delete();
- }
+ File[] files = normalizedDirectory.toFile().listFiles();
+ if (files == null) {
+ return normalizedDirectory.toFile().delete();
+ }
+ for (File file : files) {
+ Path child = file.toPath().toAbsolutePath().normalize();
+ if (!child.startsWith(normalizedDirectory)) {
+ DEException.throwException("Invalid directory path");
+ }
+ if (Files.isDirectory(child, LinkOption.NOFOLLOW_LINKS)) {
+ deleteDirectoryRecursively(child);
+ } else {
+ file.delete();
 }
 }
- return directory.delete();
+ return normalizedDirectory.toFile().delete();
 }
 }
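Review bot: The symlink guard covers children but not the entry path: in `deleteDirectoryRecursively(Path)`, `normalizedDirectory.toFile().listFiles()` follows a top-level symbolic link, so if the path passed in is itself a link to a directory, the target's contents are deleted. A check before listing, `if (!Files.isDirectory(normalizedDirectory, LinkOption.NOFOLLOW_LINKS)) { return normalizedDirectory.toFile().delete(); }`, would remove only the link. The `child.startsWith(normalizedDirectory)` test looks like it can never fail, since `listFiles()` builds each child from the parent path, so it is the `NOFOLLOW_LINKS` check that actually keeps recursion inside the tree; a comment saying so would help. The String overload still accepts any path, so confinement to a base directory remains the caller's job and its Javadoc should state that.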