bugfix: arbitrary file reading

This commit is contained in:
710leo 2021-01-19 19:24:46 +08:00
parent c5ba127b9e
commit 5eec7c317c
1 changed files with 3 additions and 1 deletions

View File

@ -1,6 +1,8 @@
package http
import (
"path"
"github.com/didi/nightingale/src/modules/monapi/config"
"github.com/gin-gonic/gin"
@ -27,7 +29,7 @@ func tplNameGets(c *gin.Context) {
}
func tplGet(c *gin.Context) {
tplName := mustQueryStr(c, "tplName")
tplName := path.Base(mustQueryStr(c, "tplName"))
tplType := mustQueryStr(c, "tplType")
var filePath string