hoangvv/NextZen-UserService
1
0
Fork 0
mirror of https://github.com/KaySar12/NextZen-UserService.git synced 2025-03-15 23:25:35 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request from GHSA-h5gf-cmm8-cg7c

Browse Source
This commit is contained in:
link 2024-02-04 11:08:01 +08:00 committed by GitHub
parent 4d2b65e34c
commit 3f4558e23c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
route/v1/user.go
View File

@ -13,6 +13,7 @@ import (
"os"
"path"
"path/filepath"
"regexp"
"strconv"
"strings"
"time"
@ -667,6 +668,16 @@ func GetUserImage(c *gin.Context) {
return
}
matched, err := regexp.MatchString(`^/var/lib/casaos/\d`, filePath)
if err != nil {
c.JSON(http.StatusNotFound, model.Result{Success: common_err.INSUFFICIENT_PERMISSIONS, Message: common_err.GetMsg(common_err.INSUFFICIENT_PERMISSIONS)})
return
}
if !matched {
c.JSON(http.StatusNotFound, model.Result{Success: common_err.INSUFFICIENT_PERMISSIONS, Message: common_err.GetMsg(common_err.INSUFFICIENT_PERMISSIONS)})
return
}
fileTmp, _ := os.Open(filePath)
defer fileTmp.Close()