mirror of
https://github.com/KaySar12/NextZen-UserService.git
synced 2025-03-15 23:25:35 +07:00
Merge pull request from GHSA-h5gf-cmm8-cg7c
parent
4d2b65e34c
commit
3f4558e23c
@ -13,6 +13,7 @@ import (
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
@ -667,6 +668,16 @@ func GetUserImage(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
matched, err := regexp.MatchString(`^/var/lib/casaos/\d`, filePath)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusNotFound, model.Result{Success: common_err.INSUFFICIENT_PERMISSIONS, Message: common_err.GetMsg(common_err.INSUFFICIENT_PERMISSIONS)})
|
||||
return
|
||||
}
|
||||
if !matched {
|
||||
c.JSON(http.StatusNotFound, model.Result{Success: common_err.INSUFFICIENT_PERMISSIONS, Message: common_err.GetMsg(common_err.INSUFFICIENT_PERMISSIONS)})
|
||||
return
|
||||
}
|
||||
|
||||
fileTmp, _ := os.Open(filePath)
|
||||
defer fileTmp.Close()
|
||||
|
||||
|
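Review bot: The new guard in GetUserImage matches the pattern `^/var/lib/casaos/\d` against `filePath` as a raw string and only anchors the prefix, so a value that starts with the allowed directory but contains `..` segments further on still passes and is then handed to `os.Open`. Unless `filePath` is already normalised earlier in the function (the body starts outside this hunk, so that cannot be confirmed here), normalise it first and check the cleaned value, e.g. `filePath = filepath.Clean(filePath)` ahead of the match, and tighten the pattern to `^/var/lib/casaos/\d+/` so that the user-id segment is complete. A symlink inside the user directory would still resolve outside it, so resolving with `filepath.EvalSymlinks` before the check is worth considering. The pattern is constant, so a package-level `regexp.MustCompile` would avoid recompiling on each request and remove the `err` branch, which can only fire on a bad pattern. The `os.Open` error on the following context line is still discarded, which leaves `fileTmp` nil when the file does not exist.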