From c24cd14fd700b2846623d0c3e9683adb30c7062b Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期四, 27 五月 2021 17:55:05 +0800
Subject: [PATCH] 修复两处存在SQL注入漏洞问题

---
 src/main/java/com/ruoyi/common/utils/file/FileUploadUtils.java |   14 +++++++++-----
 1 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/ruoyi/common/utils/file/FileUploadUtils.java b/src/main/java/com/ruoyi/common/utils/file/FileUploadUtils.java
index 5b356e2..cb1474f 100644
--- a/src/main/java/com/ruoyi/common/utils/file/FileUploadUtils.java
+++ b/src/main/java/com/ruoyi/common/utils/file/FileUploadUtils.java
@@ -131,13 +131,12 @@
     {
         File desc = new File(uploadDir + File.separator + fileName);
 
-        if (!desc.getParentFile().exists())
-        {
-            desc.getParentFile().mkdirs();
-        }
         if (!desc.exists())
         {
-            desc.createNewFile();
+            if (!desc.getParentFile().exists())
+            {
+                desc.getParentFile().mkdirs();
+            }
         }
         return desc;
     }
@@ -186,6 +185,11 @@
                 throw new InvalidExtensionException.InvalidMediaExtensionException(allowedExtension, extension,
                         fileName);
             }
+            else if (allowedExtension == MimeTypeUtils.VIDEO_EXTENSION)
+            {
+                throw new InvalidExtensionException.InvalidVideoExtensionException(allowedExtension, extension,
+                        fileName);
+            }
             else
             {
                 throw new InvalidExtensionException(allowedExtension, extension, fileName);

--
Gitblit v1.9.3