Fix #1693: file.Filename should not be trusted (#1699)

Ganlv
2018-12-17 08:13:07 +08:00
committed by thinkerou
parent f67d7a90c4
commit 1542eff27f
3 changed files with 10 additions and 2 deletions


@ -3,6 +3,7 @@ package main
import (
"fmt"
"net/http"
"path/filepath"
"github.com/gin-gonic/gin"
)
@ -25,7 +26,8 @@ func main() {
files := form.File["files"]
for _, file := range files {
if err := c.SaveUploadedFile(file, file.Filename); err != nil {
filename := filepath.Base(file.Filename)
if err := c.SaveUploadedFile(file, filename); err != nil {
c.String(http.StatusBadRequest, fmt.Sprintf("upload file err: %s", err.Error()))
return
}
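Review bot: The added `filename := filepath.Base(file.Filename)` strips directory components, but the stored name is still chosen by the client and is passed as a relative destination. An upload can therefore replace an existing file of the same name in the directory the process runs from, and two parts with the same base name in one request overwrite each other inside this loop. `filepath.Base` also returns `.` for an empty name and leaves `..` unchanged, which presumably only surfaces later as a save error rather than a clear rejection. Consider rejecting those values and saving under a dedicated directory, e.g. `dst := filepath.Join(uploadDir, filename)` (where `uploadDir` is a placeholder for a directory the example would create), or generating the stored name server-side. The same applies to the single-file example changed in this commit; `main` starts and ends outside the hunk.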


@ -3,6 +3,7 @@ package main
import (
"fmt"
"net/http"
"path/filepath"
"github.com/gin-gonic/gin"
)
@ -23,7 +24,8 @@ func main() {
return
}
if err := c.SaveUploadedFile(file, file.Filename); err != nil {
filename := filepath.Base(file.Filename)
if err := c.SaveUploadedFile(file, filename); err != nil {
c.String(http.StatusBadRequest, fmt.Sprintf("upload file err: %s", err.Error()))
return
}
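Review bot: The added `filename := filepath.Base(file.Filename)` line has no comment explaining why the client-supplied name is reduced to its last element, and example code like this tends to be copied without the commit message. A one-line comment above it would keep the reason attached to the code, e.g. `// file.Filename comes from the request and must not be trusted; keep only the final path element`. `main` continues outside the hunk.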