fix(FsRemove): enhance validation to prevent unintended directory deletion

datao2001 · datao2001 · commit 9beb430936be · 2025-12-16T10:26:25.000+08:00
1. Use `utils.FixAndCleanPath` to correctly identify and block invalid names.
2. Change error handling from `return` to `continue`.

Signed-off-by: huyuantao &lt;huyuantao@ultrarisc.com&gt;
diff --git a/server/handles/fsmanage.go b/server/handles/fsmanage.go
@@ -282,9 +282,10 @@ func FsRemove(c *gin.Context) {
 		return
 	}
 	for _, name := range req.Names {
-		if name == "" {
-			common.ErrorStrResp(c, "Unexpected empty item name", 400)
-			return
+		// Skip invalid item names (empty string, whitespace, ".", "/","\t\t","..") to prevent accidental removal of current directory
+		if strings.TrimSpace(utils.FixAndCleanPath(name)) == "/" {
+			utils.Log.Warnf("FsRemove: invalid item skipped: %s (parent directory: %s)\n", name, reqDir)
+			continue
 		}
 		err := fs.Remove(c.Request.Context(), stdpath.Join(reqDir, name))
 		if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -282,9 +282,10 @@ func FsRemove(c *gin.Context) {`
`282`	`282`	`return`
`283`	`283`	`}`
`284`	`284`	`for _, name := range req.Names {`
`285`		`- if name == "" {`
`286`		`- common.ErrorStrResp(c, "Unexpected empty item name", 400)`
`287`		`- return`
	`285`	`+ // Skip invalid item names (empty string, whitespace, ".", "/","\t\t","..") to prevent accidental removal of current directory`
	`286`	`+ if strings.TrimSpace(utils.FixAndCleanPath(name)) == "/" {`
	`287`	`+ utils.Log.Warnf("FsRemove: invalid item skipped: %s (parent directory: %s)\n", name, reqDir)`
	`288`	`+ continue`
`288`	`289`	`}`
`289`	`290`	`err := fs.Remove(c.Request.Context(), stdpath.Join(reqDir, name))`
`290`	`291`	`if err != nil {`