From 067eb8d4bf7ac20b281122056ee8bc95d3113d81 Mon Sep 17 00:00:00 2001
From: liukuo
Date: Thu, 10 Feb 2022 10:04:34 +0800
Subject: [PATCH] =?UTF-8?q?DeleteFile=20=E5=8A=A0=E4=B8=8A=E6=9D=83?= =?UTF-8?q?=E9=99=90=E9=AA=8C=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 YiSha.Util/YiSha.Util/FileHelper.cs | 12 ++++++++++--
 .../YiSha.Admin.Web/Controllers/FileController.cs | 1 +
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/YiSha.Util/YiSha.Util/FileHelper.cs b/YiSha.Util/YiSha.Util/FileHelper.cs
index 3a0530e5..1b3da2f6 100644
--- a/YiSha.Util/YiSha.Util/FileHelper.cs
+++ b/YiSha.Util/YiSha.Util/FileHelper.cs
@@ -147,6 +147,8 @@ public static TData DeleteFile(int fileModule, string filePath)
 obj.Message = "请先选择文件!";
 return obj;
 }
+
+ filePath = FilterFilePath(filePath);
 filePath = "Resource" + Path.DirectorySeparatorChar + dirModule + Path.DirectorySeparatorChar + filePath;
 string absoluteDir = Path.Combine(GlobalContext.HostingEnvironment.ContentRootPath, filePath);
 try
@@ -178,8 +180,7 @@ public static TData DeleteFile(int fileModule, string filePath)
 ///
 public static TData DownloadFile(string filePath, int delete)
 {
- filePath = filePath.Replace("../", string.Empty);
- filePath = filePath.TrimStart('/');
+ filePath = FilterFilePath(filePath);
 if (!filePath.StartsWith("wwwroot") && !filePath.StartsWith("Resource"))
 {
 throw new Exception("非法访问");
@@ -301,5 +302,12 @@ public static TData CheckFileExtension(string fileExtension, string allowExtensi
 }
 return obj;
 }
+
+ public static string FilterFilePath(string filePath)
+ {
+ filePath = filePath.Replace("../", string.Empty);
+ filePath = filePath.TrimStart('/');
+ return filePath;
+ }
 }
 }
diff --git a/YiSha.Web/YiSha.Admin.Web/Controllers/FileController.cs b/YiSha.Web/YiSha.Admin.Web/Controllers/FileController.cs
index 5f25620e..48f00403 100644
--- a/YiSha.Web/YiSha.Admin.Web/Controllers/FileController.cs
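Review bot: In FileHelper.cs, `DeleteFile` (first hunk) still relies on a string strip rather than a containment check. The added `FilterFilePath` call removes `../` in one pass and trims a leading `/`, so a parent reference can survive the pass, `..\` is not touched at all, and nothing afterwards verifies that `absoluteDir` stays under `Resource/<module>`. Resolve the combined path with `Path.GetFullPath` and refuse it unless it begins with the module root, as sketched below. The same applies to `DownloadFile` in the second hunk, where the `StartsWith("wwwroot")` / `StartsWith("Resource")` test runs on the unresolved string, and to `FilterFilePath` itself in the third hunk. `DeleteFile`'s body starts and ends outside the hunk.

```csharp
// … unchanged: FilterFilePath call, "Resource" prefixing and Path.Combine into absoluteDir …
// Canonicalise first, then require the result to stay inside this module's directory.
string moduleRoot = Path.GetFullPath(Path.Combine(
    GlobalContext.HostingEnvironment.ContentRootPath,
    "Resource" + Path.DirectorySeparatorChar + dirModule));
string resolvedPath = Path.GetFullPath(absoluteDir);
if (!resolvedPath.StartsWith(moduleRoot + Path.DirectorySeparatorChar, StringComparison.Ordinal))
{
    obj.Message = "非法访问";
    return obj;
}
absoluteDir = resolvedPath;
// … unchanged: try block that deletes the file …
```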
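Review bot: In FileHelper.cs, the new `FilterFilePath` (third hunk) dereferences `filePath` without a null check, and `DownloadFile` in the second hunk now calls it as its first statement. Unless a caller outside these hunks validates the parameter, a request that omits it would fail with a NullReferenceException instead of the "非法访问" rejection. A guard such as `if (string.IsNullOrEmpty(filePath)) { return string.Empty; }` at the top of the method avoids that. The method is also public and undocumented; a `/// <summary>` stating that it only strips `../` and a leading `/`, and does not prove the path stays inside a directory, would keep future callers from treating it as a complete check.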
+++ b/YiSha.Web/YiSha.Admin.Web/Controllers/FileController.cs
@@ -24,6 +24,7 @@ public async Task> UploadFile(int fileModule, IFormCollection file
 #region 删除单个文件
 [HttpPost]
+ [AuthorizeFilter]
 public TData DeleteFile(int fileModule, string filePath)
 {
 TData obj = FileHelper.DeleteFile(fileModule, filePath);
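Review bot: `[AuthorizeFilter]` is applied to `DeleteFile` without an argument, so it presumably requires only an authenticated session rather than a specific permission; the filter's implementation is not visible here. `fileModule` and `filePath` still come straight from the request, so any caller who passes the filter can name any file under the module directory. If the filter accepts a permission key, pass the one that governs file deletion, and consider checking that the file belongs to the caller before the path reaches `FileHelper.DeleteFile`. The `UploadFile` action named in the hunk header lies outside the hunk, so whether it carries the same attribute should be confirmed; `DeleteFile`'s body continues past the hunk.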