fix: can read js in ../

pull/556/head
qkqpttgf 2022-02-18 18:24:13 +08:00 committed by GitHub
parent 5433fe0522
commit 8d6864f145
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions

View File

@ -177,6 +177,7 @@ function main($path)
if (isset($_GET['jsFile'])) { if (isset($_GET['jsFile'])) {
if (substr($_GET['jsFile'], -3)!='.js') return output('', 403); if (substr($_GET['jsFile'], -3)!='.js') return output('', 403);
if (!($path==''||$path=='/')) return output('', 308, [ 'Location' => path_format($_SERVER['base_path'] . '/?jsFile=' . $_GET['jsFile']) ]); if (!($path==''||$path=='/')) return output('', 308, [ 'Location' => path_format($_SERVER['base_path'] . '/?jsFile=' . $_GET['jsFile']) ]);
if (strpos($_GET['jsFile'], '/')>-1) $_GET['jsFile'] = splitlast($_GET['jsFile'], '/')[1];
$jsFile = file_get_contents('js/' . $_GET['jsFile']); $jsFile = file_get_contents('js/' . $_GET['jsFile']);
if (!!$jsFile) { if (!!$jsFile) {
return output( base64_encode($jsFile), 200, [ 'Content-Type' => 'text/javascript; charset=utf-8', 'Cache-Control' => 'max-age=' . 3*24*60*60 ], true ); return output( base64_encode($jsFile), 200, [ 'Content-Type' => 'text/javascript; charset=utf-8', 'Cache-Control' => 'max-age=' . 3*24*60*60 ], true );