public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-06-17 04:51:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: 修复 20260616083022相关安全漏洞

Browse Source
This commit is contained in:
fit2cloud-chenyw
2026-06-16 11:53:13 +08:00
committed by fit2cloud-chenyw
parent 436a90307a
commit e160b6c42e
3 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/core-backend/src/main/java/io/dataease/share/interceptor/LinkInterceptor.java
View File

@@ -42,7 +42,7 @@ public class LinkInterceptor implements HandlerInterceptor {
String requestURI = ServletUtils.request().getRequestURI();
if (StringUtils.startsWith(requestURI, WhitelistUtils.getContextPath())) {
requestURI = requestURI.replaceFirst(WhitelistUtils.getContextPath(), "");
requestURI = StringUtils.replaceOnce(requestURI, WhitelistUtils.getContextPath(), "");
}
if (StringUtils.startsWith(requestURI, AuthConstant.DE_API_PREFIX)) {
requestURI = requestURI.replaceFirst(AuthConstant.DE_API_PREFIX, "");

4
sdk/common/src/main/java/io/dataease/utils/FileUtils.java
View File

@@ -74,8 +74,8 @@ public class FileUtils {
return filename;
}
public static void validateExist(String path) {
File dir = new File(path);
public static void validateExist(String path) throws IOException {
File dir = new File(path).getCanonicalFile();
if (dir.exists()) return;
dir.mkdirs();
}

2
sdk/common/src/main/java/io/dataease/utils/WhitelistUtils.java
View File

@@ -55,7 +55,7 @@ public class WhitelistUtils {
public static boolean match(String requestURI) {
invalidUrl(requestURI);
if (StringUtils.startsWith(requestURI, getContextPath())) {
requestURI = requestURI.replaceFirst(getContextPath(), "");
requestURI = StringUtils.replaceOnce(requestURI, getContextPath(), "");
}
if (StringUtils.startsWith(requestURI, AuthConstant.DE_API_PREFIX)) {
requestURI = requestURI.replaceFirst(AuthConstant.DE_API_PREFIX, "");