From d2296fb6d2c646612d91788c236250971004b7a0 Mon Sep 17 00:00:00 2001
From: AnAngle <1323481023@qq.com>
Date: Fri, 4 Mar 2022 16:12:15 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E6=8E=A5=E5=8F=A3=E8=B0=83=E7=94=A8?=
 =?UTF-8?q?=E6=81=B6=E6=84=8F=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=E6=BC=8F?=
 =?UTF-8?q?=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../main/java/io/metersphere/service/ResourceService.java   | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/backend/src/main/java/io/metersphere/service/ResourceService.java b/backend/src/main/java/io/metersphere/service/ResourceService.java
index 0921044322..ef15b27977 100644
--- a/backend/src/main/java/io/metersphere/service/ResourceService.java
+++ b/backend/src/main/java/io/metersphere/service/ResourceService.java
@@ -28,8 +28,9 @@ public class ResourceService {
     }
 
     public ResponseEntity<FileSystemResource> getMdImage(String name) {
-        if (name.contains("/"))
+        if (name.contains("/")) {
             MSException.throwException(Translator.get("invalid_parameter"));
+        }
         File file = new File(FileUtils.MD_IMAGE_DIR + "/" + name);
         HttpHeaders headers = new HttpHeaders();
         String fileName = encodeFileName(file.getName());
@@ -65,6 +66,9 @@ public class ResourceService {
     }
 
     public void mdDelete(String fileName) {
+        if (fileName.contains("/")) {
+            MSException.throwException(Translator.get("invalid_parameter"));
+        }
         FileUtils.deleteFile(FileUtils.MD_IMAGE_DIR + "/" + fileName);
     }
 }