Andreas/siyuan
1
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2025-12-16 22:50:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

🔒 Some security vulnerabilities https://github.com/siyuan-note/siyuan/issues/13426

Browse source
This commit is contained in:
Daniel 2024-12-11 17:15:54 +08:00
parent 2b5a9f9f1a
commit e70ed57f6e
No known key found for this signature in database
GPG key ID: 86211BA83DF03017
5 changed files with 28 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
kernel/model/upload.go
View file

@ -132,6 +132,11 @@ func Upload(c *gin.Context) {
if nil != form.Value["assetsDirPath"] {
relAssetsDirPath = form.Value["assetsDirPath"][0]
assetsDirPath = filepath.Join(util.DataDir, relAssetsDirPath)
if !util.IsAbsPathInWorkspace(assetsDirPath) {
ret.Code = -1
ret.Msg = "Path [" + assetsDirPath + "] is not in workspace"
return
}
}
if !gulu.File.IsExist(assetsDirPath) {
if err = os.MkdirAll(assetsDirPath, 0755); err != nil {