fix: 修复任意文件上传漏洞

2026-06-12 08:21:09 +08:00 · 2024-03-05 10:42:44 +08:00
parent c8bdeaaf12
commit 6b68ace139
1 changed files with 1 additions and 1 deletions
--- a/core/backend/src/main/java/io/dataease/service/sys/PluginService.java
+++ b/core/backend/src/main/java/io/dataease/service/sys/PluginService.java
@@ -65,7 +65,7 @@ public class PluginService {
    }

    private void checkFileName(String fileName){
-        if(StringUtils.isEmpty(fileName) || !fileName.endsWith(".jar") || fileName.contains("../")){
+        if(StringUtils.isEmpty(fileName) || !fileName.endsWith(".zip") || fileName.contains("../")){
            DataEaseException.throwException("非法的文件名: " + fileName);
        }
    }