public/dataease
1
0
Fork 0
mirror of https://github.com/dataease/dataease.git synced 2026-06-13 09:04:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: 路径穿越

Browse Source
This commit is contained in:
tjlygdx
2026-06-10 11:09:09 +08:00
parent 57e90bdcc2
commit ed5ee3137f
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/core-backend/src/main/java/io/dataease/font/manage/FontManage.java
View File

@@ -27,6 +27,7 @@ import java.io.*;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
@@ -166,10 +167,9 @@ public class FontManage {
if (StringUtils.isEmpty(filename) || !filename.toLowerCase().endsWith(".ttf")) {
DEException.throwException("非法格式的文件!");
}
String suffix = filename.substring(filename.lastIndexOf(".") + 1).toLowerCase();
String fileTransName = fileNameUUID + "." + suffix;
String fileTransName = fileNameUUID + ".ttf";
Path filePath = resolveFontPath(fileTransName);
try (FileOutputStream fileOutputStream = new FileOutputStream(filePath.toFile())) {
try (OutputStream fileOutputStream = Files.newOutputStream(filePath, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)) {
fileOutputStream.write(file.getBytes());
fileOutputStream.flush();
}