fix:【漏洞】修复删除下载任务时,路径遍历漏洞

tjlygdx
2026-05-06 16:10:19 +08:00
parent 17fe77b38b
commit dba0803723


@@ -22,6 +22,7 @@ import io.dataease.log.DeLog;
import io.dataease.model.ExportTaskDTO;
import io.dataease.system.manage.SysParameterManage;
import io.dataease.utils.*;
import io.dataease.visualization.dao.auto.entity.CoreStore;
import io.dataease.visualization.dao.auto.entity.VisualizationWatermark;
import io.dataease.visualization.dao.auto.mapper.VisualizationWatermarkMapper;
import io.dataease.visualization.dao.ext.mapper.ExtDataVisualizationMapper;
@@ -90,16 +91,20 @@ public class ExportCenterManage implements BaseExportApi {
}
public void delete(String id) {
Iterator<Map.Entry<String, Future>> iterator = Running_Task.entrySet().iterator();
while (iterator.hasNext()) {
Map.Entry<String, Future> entry = iterator.next();
if (entry.getKey().equalsIgnoreCase(id)) {
entry.getValue().cancel(true);
iterator.remove();
QueryWrapper<CoreExportTask> queryWrapper = new QueryWrapper<>();
queryWrapper.eq("id", id);
if (exportTaskMapper.exists(queryWrapper)) {
Iterator<Map.Entry<String, Future>> iterator = Running_Task.entrySet().iterator();
while (iterator.hasNext()) {
Map.Entry<String, Future> entry = iterator.next();
if (entry.getKey().equalsIgnoreCase(id)) {
entry.getValue().cancel(true);
iterator.remove();
}
}
FileUtils.deleteDirectoryRecursively(exportData_path + id);
exportTaskMapper.deleteById(id);
}
FileUtils.deleteDirectoryRecursively(exportData_path + id);
exportTaskMapper.deleteById(id);
}
public void deleteAll(String type) {
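Review bot: The traversal fix in `delete` rests only on `exportTaskMapper.exists(queryWrapper)`; the directory is still built as `exportData_path + id` and passed to `FileUtils.deleteDirectoryRecursively` with no containment check. That holds only while every `id` stored in the table is server-generated, which this hunk does not show. I would resolve and verify the target before the recursive delete: `Path base = Paths.get(exportData_path).toAbsolutePath().normalize();`, `Path target = base.resolve(id).normalize();`, `if (!target.startsWith(base) || target.equals(base)) { return; }`, ideally logging the rejected id. The lookup also filters on `id` alone, so it appears any caller who knows a task id can cancel and delete another user's export; please confirm whether an owner condition is enforced elsewhere.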