精简压缩包解析的无用代码

精简压缩包解析的无用代码

Signed-off-by: 高雄 <admin@cxcp.com>

server/src/main/java/cn/keking/web/controller/FileController.java

@@ -165,7 +165,10 @@ public class FileController {
             fileUrl = WebUtils.decodeUrl(urls);
         } catch (Exception ex) {
             String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "url");
-            return errorMsg;
+            return ReturnResponse.failure(errorMsg);
+        }
+        if (KkFileUtils.isIllegalFileName(fileUrl)) {
+            return ReturnResponse.failure("不允许访问的路径:");
         }
         return RarUtils.getTree(fileUrl);
     }