From e95bf521dd892235aa09ca91f2df5318a0008046 Mon Sep 17 00:00:00 2001
From: xuewenG <gexuewen@outlook.com>
Date: Tue, 17 Dec 2024 02:32:29 +0800
Subject: [PATCH] fix: check img path

---
 backend/handler/memo.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/handler/memo.go b/backend/handler/memo.go
index e04f1a2..0262927 100644
--- a/backend/handler/memo.go
+++ b/backend/handler/memo.go
@@ -63,7 +63,7 @@ func (m MemoHandler) RemoveImage(c echo.Context) error {
 		return FailResp(c, ParamError)
 	}
 
-	if !strings.HasPrefix(req.Img, "/upload/") {
+	if !strings.HasPrefix(req.Img, "/upload/") || strings.Contains(req.Img, "..") {
 		return SuccessResp(c, h{})
 	}