1Panel-dev/1Panel
1
1
Fork 0
mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-12-19 05:49:02 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

解决目录遍历漏洞问题 (#10586)

Browse source
This commit is contained in:
Isaac 2025-10-09 16:01:00 +08:00 committed by GitHub
parent f977a2488d
commit 39509ad9a8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
core/init/router/router.go
View file

@ -30,6 +30,10 @@ func setWebStatic(rootRouter *gin.RouterGroup) {
rootRouter.Static("/api/v2/images", path.Join(global.CONF.Base.InstallDir, "1panel/uploads/theme"))
rootRouter.GET("/assets/*filepath", func(c *gin.Context) {
c.Writer.Header().Set("Cache-Control", fmt.Sprintf("private, max-age=%d", 3600))
if c.Request.URL.Path[len(c.Request.URL.Path)-1] == '/' {
c.AbortWithStatus(http.StatusForbidden)
return
}
staticServer := http.FileServer(http.FS(web.Assets))
staticServer.ServeHTTP(c.Writer, c.Request)
})