wgh/coreshoppro
1
0
Fork 0
mirror of http://git.coreshop.cn/jianweie/coreshoppro.git synced 2026-06-10 05:27:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

【优化】前端上传接口增加数据校验,防止出现恶意提交脚本数据的问题。

Browse Source
This commit is contained in:
大灰灰
2024-08-20 12:06:01 +08:00
parent 0386eb43de
commit 032149cbb9
1 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
CoreCms.Net.Web.WebApi/Controllers/CommonController.cs
View File

@@ -353,18 +353,6 @@ namespace CoreCms.Net.Web.WebApi.Controllers
var fileName = file.FileName; var fileName = file.FileName;
var fileExt = Path.GetExtension(fileName).ToLowerInvariant(); var fileExt = Path.GetExtension(fileName).ToLowerInvariant();
// 使用StreamReader来读取文件内容
using (var reader = new StreamReader(file.OpenReadStream(), Encoding.UTF8))
{
var content = await reader.ReadToEndAsync(); // 注意:这可能会消耗大量内存对于大文件,所以需要限制上传大小
// 检查内容是否合法
if (CommonHelper.CheckData(content))
{
jm.msg = "请勿提交非法数据。";
return jm;
}
}
//检查大小 //检查大小
if (file.Length > maxSize) if (file.Length > maxSize)
{ {
@@ -380,6 +368,18 @@ namespace CoreCms.Net.Web.WebApi.Controllers
return jm; return jm;
} }
// 使用StreamReader来读取文件内容
using (var reader = new StreamReader(file.OpenReadStream(), Encoding.UTF8))
{
var content = await reader.ReadToEndAsync(); // 注意:这可能会消耗大量内存对于大文件,所以需要限制上传大小
// 检查内容是否合法
if (CommonHelper.CheckData(content))
{
jm.msg = "请勿提交非法数据。";
return jm;
}
}
var url = string.Empty; var url = string.Empty;
if (filesStorageOptions.StorageType == GlobalEnumVars.FilesStorageOptionsType.LocalStorage.ToString()) if (filesStorageOptions.StorageType == GlobalEnumVars.FilesStorageOptionsType.LocalStorage.ToString())
{ {