From c3b66e66bf6d70a561190cd8da7f4df7b141931d Mon Sep 17 00:00:00 2001
From: liukuo
Date: Sun, 6 Feb 2022 13:36:32 +0800
Subject: [PATCH] =?UTF-8?q?=E5=8F=AA=E5=85=81=E8=AE=B8=E4=B8=8B=E8=BD=BD?= =?UTF-8?q?=20Resource=20=E5=92=8C=20wwwroot=20=E7=9B=AE=E5=BD=95=E4=B8=8B?= =?UTF-8?q?=E7=9A=84=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 YiSha.Util/YiSha.Util/FileHelper.cs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/YiSha.Util/YiSha.Util/FileHelper.cs b/YiSha.Util/YiSha.Util/FileHelper.cs
index 844dbbdd..3a0530e5 100644
--- a/YiSha.Util/YiSha.Util/FileHelper.cs
+++ b/YiSha.Util/YiSha.Util/FileHelper.cs
@@ -178,6 +178,12 @@ public static TData DeleteFile(int fileModule, string filePath)
 ///
 public static TData DownloadFile(string filePath, int delete)
 {
+ filePath = filePath.Replace("../", string.Empty);
+ filePath = filePath.TrimStart('/');
+ if (!filePath.StartsWith("wwwroot") && !filePath.StartsWith("Resource"))
+ {
+ throw new Exception("非法访问");
+ }
 TData obj = new TData();
 string absoluteFilePath = GlobalContext.HostingEnvironment.ContentRootPath + Path.DirectorySeparatorChar + filePath.Replace(Path.AltDirectorySeparatorChar, Path.DirectorySeparatorChar);
 byte[] fileBytes = File.ReadAllBytes(absoluteFilePath);
@@ -185,9 +191,10 @@ public static TData DownloadFile(string filePath, int delete)
 {
 File.Delete(absoluteFilePath);
 }
+ // md5 值
 string fileNamePrefix = DateTime.Now.ToString("yyyyMMddHHmmss");
 string fileNameWithoutExtension = Path.GetFileNameWithoutExtension(filePath);
- string title = string.Empty;
+ string title = fileNameWithoutExtension;
 if (fileNameWithoutExtension.Contains("_"))
 {
 title = fileNameWithoutExtension.Split('_')[1].Trim();
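Review bot: The added `// md5 值` comment sits directly above the `fileNamePrefix` line, which holds a timestamp, so it reads as if it described that variable. If it refers to the part of the stored name before the underscore (an inference from the split that follows, not something the hunk shows), it belongs above the `if (fileNameWithoutExtension.Contains("_"))` line, worded along the lines of `// Stored names are "<md5>_<title>": use the part after '_' as the title, otherwise the whole name.` That would also document the new fallback `title = fileNameWithoutExtension`. The rest of DownloadFile lies outside this hunk.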