acepanel/panel
2
0
Fork 0
mirror of https://github.com/acepanel/panel.git synced 2026-02-04 07:57:21 +08:00
Code Issues Packages Releases Activity

feat: 阻止删除关键目录

Browse Source
This commit is contained in:
耗子
2024-11-19 01:26:06 +08:00
parent dea96649d7
commit 112fc30437
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
internal/service/file.go
View File

@@ -17,6 +17,7 @@ import (
"github.com/go-rat/chix"
"github.com/spf13/cast"
"github.com/TheTNB/panel/internal/app"
"github.com/TheTNB/panel/internal/biz"
"github.com/TheTNB/panel/internal/data"
"github.com/TheTNB/panel/internal/http/request"
@@ -117,6 +118,12 @@ func (s *FileService) Delete(w http.ResponseWriter, r *http.Request) {
return
}
banned := []string{"/", app.Root, filepath.Join(app.Root, "server"), filepath.Join(app.Root, "panel")}
if slices.Contains(banned, req.Path) {
Error(w, http.StatusForbidden, "please don't do this")
return
}
if err = io.Remove(req.Path); err != nil {
Error(w, http.StatusInternalServerError, "%v", err)
return