diff --git a/ruoyi-modules/ruoyi-demo/src/main/java/org/dromara/demo/controller/MailController.java b/ruoyi-modules/ruoyi-demo/src/main/java/org/dromara/demo/controller/MailController.java
index 01f50449f..6fc5a17ba 100644
--- a/ruoyi-modules/ruoyi-demo/src/main/java/org/dromara/demo/controller/MailController.java
+++ b/ruoyi-modules/ruoyi-demo/src/main/java/org/dromara/demo/controller/MailController.java
@@ -1,6 +1,5 @@
 package org.dromara.demo.controller;
 
-import cn.dev33.satoken.annotation.SaIgnore;
 import lombok.RequiredArgsConstructor;
 import org.dromara.common.core.domain.R;
 import org.dromara.common.mail.utils.MailUtils;
@@ -18,7 +17,6 @@ import java.util.Arrays;
 *
 * @author Michelle.Chung
 */
-@SaIgnore
 @Validated
 @RequiredArgsConstructor
 @RestController
@@ -44,11 +42,11 @@ public class MailController {
 * @param to 接收人
 * @param subject 标题
 * @param text 内容
- * @param filePath 附件路径
 */
 @GetMapping("/sendMessageWithAttachment")
- public R sendMessageWithAttachment(String to, String subject, String text, String filePath) {
- MailUtils.sendText(to, subject, text, new File(filePath));
+ public R sendMessageWithAttachment(String to, String subject, String text) {
+ // 附件路径 禁止前端传递 有任意读取系统文件风险
+ MailUtils.sendText(to, subject, text, new File("/xxx/xxx"));
 return R.ok();
 }
 
@@ -58,10 +56,11 @@ public class MailController {
 * @param to 接收人
 * @param subject 标题
 * @param text 内容
- * @param paths 附件路径
 */
 @GetMapping("/sendMessageWithAttachments")
- public R sendMessageWithAttachments(String to, String subject, String text, String[] paths) {
+ public R sendMessageWithAttachments(String to, String subject, String text) {
+ // 附件路径 禁止前端传递 有任意读取系统文件风险
+ String[] paths = new String[]{"/xxx/xxx", "/xxx/xxx"};
 File[] array = Arrays.stream(paths).map(File::new).toArray(File[]::new);
 MailUtils.sendText(to, subject, text, array);
 return R.ok();
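Review bot: The literal `/xxx/xxx` in `sendMessageWithAttachment` is a placeholder, and because `to` is still taken from the request, whatever real path later replaces it will be mailed to any address a caller names; the same holds for the two literals in `sendMessageWithAttachments` in the next hunk. I would hoist the path into a named constant with an English comment stating the constraint, e.g. `private static final String DEMO_ATTACHMENT = "/xxx/xxx"; // placeholder; must be a file that is safe to send to any recipient`, and pass `new File(DEMO_ATTACHMENT)`. The Javadoc above the method lost its attachment `@param` and now says nothing about where the attachment comes from; one sentence saying it is fixed on the server and never read from the request would keep the reason for this change visible to the next maintainer.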
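Review bot: Building `String[] paths` from two literals and then streaming it into a `File[]` is more indirection than the new code needs now that the values are constants; `File[] array = {new File("/xxx/xxx"), new File("/xxx/xxx")};` says the same thing in one line and makes it obvious that the same placeholder is attached twice. If the array-of-strings form is kept for illustration, a short comment that the entries are placeholders to be replaced with server-side files would help a reader who copies the demo. The closing brace of `sendMessageWithAttachments` is outside this hunk.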