forked from mirror/gin
parent
f67d7a90c4
commit
1542eff27f
|
@ -364,6 +364,10 @@ ids: map[b:hello a:1234], names: map[second:tianou first:thinkerou]
|
|||
|
||||
References issue [#774](https://github.com/gin-gonic/gin/issues/774) and detail [example code](examples/upload-file/single).
|
||||
|
||||
`file.Filename` **SHOULD NOT** be trusted. See [`Content-Disposition` on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition#Directives) and [#1693](https://github.com/gin-gonic/gin/issues/1693)
|
||||
|
||||
> The filename is always optional and must not be used blindly by the application: path information should be stripped, and conversion to the server file system rules should be done.
|
||||
|
||||
```go
|
||||
func main() {
|
||||
router := gin.Default()
|
||||
|
|
|
@ -3,6 +3,7 @@ package main
|
|||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
@ -25,7 +26,8 @@ func main() {
|
|||
files := form.File["files"]
|
||||
|
||||
for _, file := range files {
|
||||
if err := c.SaveUploadedFile(file, file.Filename); err != nil {
|
||||
filename := filepath.Base(file.Filename)
|
||||
if err := c.SaveUploadedFile(file, filename); err != nil {
|
||||
c.String(http.StatusBadRequest, fmt.Sprintf("upload file err: %s", err.Error()))
|
||||
return
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@ package main
|
|||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
@ -23,7 +24,8 @@ func main() {
|
|||
return
|
||||
}
|
||||
|
||||
if err := c.SaveUploadedFile(file, file.Filename); err != nil {
|
||||
filename := filepath.Base(file.Filename)
|
||||
if err := c.SaveUploadedFile(file, filename); err != nil {
|
||||
c.String(http.StatusBadRequest, fmt.Sprintf("upload file err: %s", err.Error()))
|
||||
return
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue