修复路径穿越

This commit is contained in:
whyour
2026-06-01 13:49:32 +08:00
parent ca347c5854
commit c0b7527148
2 changed files with 10 additions and 1 deletions
+4 -1
View File
@@ -262,7 +262,10 @@ export async function readDir(
baseDir: string = '',
blacklist: string[] = [],
): Promise<IFile[]> {
const absoluteDir = path.join(baseDir, dir);
const absoluteDir = path.resolve(baseDir, dir);
if (!absoluteDir.startsWith(path.resolve(baseDir))) {
return [];
}
const relativePath = path.relative(baseDir, absoluteDir);
try {