我正在使用 multer 在我的应用程序中上传文件。\n例如: https: //github.com/expressjs/multer/blob/master/README.md
\n\n路径遍历漏洞可能存在吗?如果是,请告诉我们如何阻止这种情况?
\n\n目前,我正在使用下面的代码。我只是想确认一下,是否存在文件漏洞风险?请给出意见。
\n\nvar storage = multer.diskStorage({\ndestination: function(req, file, cb) {\n cb(null, \'uploads/\');\n},\nfilename: function (req, file, cb) {\n console.log(file);\n var ext = file.originalname.split(\'.\').pop();\n cb(null, Date.now() + \'_\' + file.originalname);\n}});\n\nconst fileFilter = (req, file, cb) => {\n // Accept or reject the file based on if MIME type is found in accepted list\n if (acceptedMimeTypes.indexOf(file.mimetype) < 0) {\n return cb("\xe3\x82\xa8\xe3\x83\xa9\xe3\x83\xbc\xef\xbc\x9a\xe3\x81\x93\xe3\x81\xae\xe3\x82\xbf\xe3\x82\xa4\xe3\x83\x97\xe3\x81\xae\xe3\x83\x95\xe3\x82\xa1\xe3\x82\xa4\xe3\x83\xab\xe3\x81\xaf\xe3\x82\xa2\xe3\x83\x83\xe3\x83\x97\xe3\x83\xad\xe3\x83\xbc\xe3\x83\x89\xe3\x81\xa7\xe3\x81\x8d\xe3\x81\xbe\xe3\x81\x9b\xe3\x82\x93\xe3\x80\x82ZIP\xe5\xbd\xa2\xe5\xbc\x8f\xe3\x81\xa8LZH\xe5\xbd\xa2\xe5\xbc\x8f\xe3\x81\xae\xe3\x83\x95\xe3\x82\xa1\xe3\x82\xa4\xe3\x83\xab\xe3\x81\xae\xe3\x81\xbf\xe3\x82\xa2\xe3\x83\x83\xe3\x83\x97\xe3\x83\xad\xe3\x83\xbc\xe3\x83\x89\xe3\x81\x97\xe3\x81\xa6\xe3\x81\x8f\xe3\x81\xa0\xe3\x81\x95\xe3\x81\x84\xe3\x80\x82", false) // Error: You can\'t upload files of this type. Please upload …我有一个 xml,我想读取它的<block>节点。但是当我在 XPath 下执行时,它给了我一个错误。
我试图解析的 xml:
let x = `<xml>
<block type="block_onGreenFlagClicked" id=";]jZ*Zs|[L-Sr{nhCB%V" x="25" y="0">
<field name="NAME1">When</field>
<statement name="function_name">
<block type="helper_Player__walkSecondsDrop" id="9lo_/{gKTxB6/FRH2Pw">
<field name="LABEL">Player.</field>
<field name="DROP_Player__walkSecondsDrop$">walkForwardForNSeconds</field>
</block>
</statement>
</block>
</xml>`;
let doms = new DOMParser()
let v = doms.parseFromString(x, 'text/xml')
let r = v.evaluate('/block',v, null, XPathResult.ANY_TYPE, null)
下面是结果说:
let x = `<xml>
<block type="block_onGreenFlagClicked" id=";]jZ*Zs|[L-Sr{nhCB%V" x="25" y="0">
<field name="NAME1">When</field>
<statement name="function_name">
<block type="helper_Player__walkSecondsDrop" id="9lo_/{gKTxB6/FRH2Pw">
<field name="LABEL">Player.</field>
<field name="DROP_Player__walkSecondsDrop$">walkForwardForNSeconds</field>
</block>
</statement>
</block>
</xml>`;
let doms = new DOMParser()
let …当我导入一个.md文件时,它给了我错误,说它无法读取这个特定的文件.md file syntax,我知道需要某种加载器来解析导入,但是当我在网上查看时,有一个名为的加载器'markdown-loader'仅用于markednpm 包。
我正在使用react-markdownpackage 来读取 md 文件
/* eslint-disable react/prefer-stateless-function */
import React, { Component } from 'react';
import ReactMarkdown from 'react-markdown';
import AppMarkdown from './posts/sample.md';
// import PropTypes from 'prop-types';
class CardDetails extends Component {
constructor() {
super();
this.state = { markdown: '' };
}
componentDidMount() {
// Get the contents from the Markdown file and put them in the React state, so we can reference it in …javascript ×2
express ×1
markdown ×1
node.js ×1
reactjs ×1
webpack ×1
xml ×1
xml-parsing ×1
xpath ×1