DeleteFile 加上权限验证

YiSha.Util/YiSha.Util/FileHelper.cs

@@ -147,6 +147,8 @@ public static TData<string> DeleteFile(int fileModule, string filePath)
                 obj.Message = "请先选择文件！";
                 return obj;
             }
+
+            filePath = FilterFilePath(filePath);
             filePath = "Resource" + Path.DirectorySeparatorChar + dirModule + Path.DirectorySeparatorChar + filePath;
             string absoluteDir = Path.Combine(GlobalContext.HostingEnvironment.ContentRootPath, filePath);
             try
@@ -178,8 +180,7 @@ public static TData<string> DeleteFile(int fileModule, string filePath)
         /// <returns></returns>
         public static TData<FileContentResult> DownloadFile(string filePath, int delete)
         {
-            filePath = filePath.Replace("../", string.Empty);
-            filePath = filePath.TrimStart('/');
+            filePath = FilterFilePath(filePath);
             if (!filePath.StartsWith("wwwroot") && !filePath.StartsWith("Resource"))
             {
                 throw new Exception("非法访问");
@@ -301,5 +302,12 @@ public static TData CheckFileExtension(string fileExtension, string allowExtensi
             }
             return obj;
         }
+
+        public static string FilterFilePath(string filePath)
+        {
+            filePath = filePath.Replace("../", string.Empty);
+            filePath = filePath.TrimStart('/');
+            return filePath;
+        }
     }
 }

YiSha.Web/YiSha.Admin.Web/Controllers/FileController.cs

@@ -24,6 +24,7 @@ public async Task<TData<string>> UploadFile(int fileModule, IFormCollection file
 
         #region 删除单个文件
         [HttpPost]
+        [AuthorizeFilter]
         public TData<string> DeleteFile(int fileModule, string filePath)
         {
             TData<string> obj = FileHelper.DeleteFile(fileModule, filePath);