Union/ProjectLighthouse
1
0
Fork 0
mirror of https://github.com/LBPUnion/ProjectLighthouse.git synced 2025-07-13 00:31:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Prevent directory traversal attacks

Browse source
This commit is contained in:
Slendy 2022-09-22 17:11:17 -05:00
parent b26d96bacd
commit 2cf2e6622a
No known key found for this signature in database
GPG key ID: 7288D68361B91428
3 changed files with 20 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

6
ProjectLighthouse.Servers.GameServer/Controllers/Resources/ResourcesController.cs
View file

@ -56,6 +56,12 @@ public class ResourcesController : ControllerBase
string path = FileHelper.GetResourcePath(hash);
string fullPath = Path.GetFullPath(path);
string basePath = Path.GetFullPath(FileHelper.ResourcePath);
// Prevent directory traversal attacks
if (!fullPath.StartsWith(basePath)) return this.BadRequest();
if (FileHelper.ResourceExists(hash)) return this.File(IOFile.OpenRead(path), "application/octet-stream");
return this.NotFound();