Merge pull request from GHSA-h5gf-cmm8-cg7c

This commit is contained in:
link 2024-02-04 11:08:01 +08:00 committed by GitHub
parent 4d2b65e34c
commit 3f4558e23c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -13,6 +13,7 @@ import (
"os"
"path"
"path/filepath"
"regexp"
"strconv"
"strings"
"time"
@ -667,6 +668,16 @@ func GetUserImage(c *gin.Context) {
return
}
matched, err := regexp.MatchString(`^/var/lib/casaos/\d`, filePath)
if err != nil {
c.JSON(http.StatusNotFound, model.Result{Success: common_err.INSUFFICIENT_PERMISSIONS, Message: common_err.GetMsg(common_err.INSUFFICIENT_PERMISSIONS)})
return
}
if !matched {
c.JSON(http.StatusNotFound, model.Result{Success: common_err.INSUFFICIENT_PERMISSIONS, Message: common_err.GetMsg(common_err.INSUFFICIENT_PERMISSIONS)})
return
}
fileTmp, _ := os.Open(filePath)
defer fileTmp.Close()