From 816af11db2139107065c90f6e0725ca8c676b384 Mon Sep 17 00:00:00 2001 From: lealife Date: Thu, 27 Oct 2016 16:37:12 +0800 Subject: [PATCH] =?UTF-8?q?=E9=98=B2=E6=AD=A2Unzip=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E6=81=B6=E6=84=8F=E6=94=BB=E5=87=BB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/lea/Debug.go | 28 ++++++++++++++++++---------- app/lea/archive/zip.go | 9 ++++++++- 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/app/lea/Debug.go b/app/lea/Debug.go index 70fbf51..8472f61 100644 --- a/app/lea/Debug.go +++ b/app/lea/Debug.go @@ -1,26 +1,34 @@ package lea import ( - "encoding/json" - "fmt" - "github.com/revel/revel" + "encoding/json" + "fmt" + "github.com/revel/revel" ) -func Log(i interface{}) { - revel.INFO.Println(i) +func Log(i ...interface{}) { + revel.INFO.Println(i...) +} + +func LogW(i ...interface{}) { + revel.WARN.Println(i...) +} + +func Log1(key, i interface{}) { + revel.INFO.Println(key, i) } func LogJ(i interface{}) { - b, _ := json.MarshalIndent(i, "", " ") - revel.INFO.Println(string(b)) + b, _ := json.MarshalIndent(i, "", " ") + revel.INFO.Println(string(b)) } // 为test用 func L(i interface{}) { - fmt.Println(i) + fmt.Println(i) } func LJ(i interface{}) { - b, _ := json.MarshalIndent(i, "", " ") - fmt.Println(string(b)) + b, _ := json.MarshalIndent(i, "", " ") + fmt.Println(string(b)) } diff --git a/app/lea/archive/zip.go b/app/lea/archive/zip.go index 2f5346f..80a16a4 100644 --- a/app/lea/archive/zip.go +++ b/app/lea/archive/zip.go @@ -7,6 +7,7 @@ import ( "os" "path" "strings" + "github.com/leanote/leanote/app/lea" ) // main functions shows how to TarGz a directory/file and @@ -144,12 +145,18 @@ func Unzip(srcFilePath string, destDirPath string) (ok bool, msg string) { } defer r.Close() for _, f := range r.File { - // fmt.Println("FileName : ", f.Name); // j/aaa.zip + // fmt.Println("FileName : ", f.Name); // j/aaa.zip rc, err := f.Open() if err != nil { panic(err) } + // 包含恶意目录 + if strings.Contains(f.Name, "../") { + lea.LogW("恶意文件", f.Name); + continue + } + // 把首文件夹去掉, 即j去掉, 分离出文件夹和文件名 paths := strings.Split(f.Name, "/") prePath := ""