mirror of
https://github.com/Grasscutters/Grasscutter.git
synced 2026-02-04 17:22:13 +01:00
55928d9154
* [Security][Bugfix] Fix directory traversal exploit 1.The first slash will act as root path when resolving local path, so directory traversal is possible 2.Filter the illegal payload to prevent directory traversal 3.This also fix the bug about not loading the files in data folder when querying `/hk4e/announcement/` * Fix formatting * Update src/main/java/emu/grasscutter/server/http/handlers/AnnouncementsHandler.java