gout.FormFile 上传文件的路径被完整暴露
Closed this issue · 2 comments
value:="./resource/cloud.jpg"
formData[name] = gout.FormFile(value)
--b10d0d12920e1acd0098afdde537b4dd778ac2a12c8bb2f9780dbf19497f..Content-Disposition: form-data; name="media"; filename="./resource/cloud.jpg"..Content-Type: application/octet-stream..........JFIF......................................!....".....$ ( !&1...!1-%)/.... 383-7(-.+...........+...++++++++++++++++++++++++++++++++++++++++++++++++++...........".......................................5..........................!1..AQaq.2..."B.3.......r...........................................................?..L..............................................................................................................m..5a*.....%...x/.@.....j...-lmt.>..r.=R..!(v....w.w.u...k.<G.....[e..}....o+{./..O...^.............................M.N6.#...[.Y.......$..................^.j...............-.....:.............xu.v.r.6rU.U.w..Jx..-...x.^e.......E...X.YX2..7..e.;N..+...hV.n..%..[K..._.;.h...#I..5)u..Pn>ia..K.=..j..=KP..Z..IK<.r.tx|.Oc.c......N..t)S......B.........)+..m....;..pTW...k...r....=..54.6...yF@...................YX..R..V.qJ.W:mi.....7.r..a..6..V{.5wn....iB..."....g..|.}s....}..n.3...m....E......G.ri...e.m,(F."...a%......r...|).y.C..r...........U.Q...m..E;D.W....->.4]:.....n)...9..@w.m.....z.).....m..px.O......`v...z....i..ppM.g...r.z.....g......w+...M.....q......%:E...]+.....a....%......a......................Zo..{cxCy.[J..K...>h.<.iy,/..f.J..q%.....M..........~.K.z8.i..[.v..b...>...R....O.IuK..../.Z.n.zgu'......r..m......j......R.....$.R..lm.o......*.r.j....].<?.I..XSdgr.u......;j.5.K.M....q.....54.V.........=...4..h._'Q..F<.9x$.<7...m-..{........T..SN...9$.T............cJW......,....R...i5..S..u....:.K.ec....Yp.....c....j...4.8,$.^.a#...d.........................................................................................................--
以上是抓包获取到数据,
Content-Disposition: form-data; name="media"; filename="./resource/cloud.jpg" 中,filename放置到是我们的全路径,请问改怎么可以变成只有文件名称?
有方法的. 参考下 #247
fixed, thx