From c89493d6e94747667e2dfe6ba1af2f10b30ce546 Mon Sep 17 00:00:00 2001 From: xxq250 Date: Thu, 17 Oct 2024 16:06:26 +0800 Subject: [PATCH] =?UTF-8?q?fixed=20get=5Ffile=20request.referer=20?= =?UTF-8?q?=E9=98=B2=E7=9B=97=E9=93=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/attachments_controller.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index 0ee0363af..0746f3d1b 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -30,8 +30,7 @@ class AttachmentsController < ApplicationController def get_file - Rails.logger.info("request.host===#{request.host}") - Rails.logger.info("request.referer===#{request.referer}") + tip_exception(403, "你没有权限访问") if request.host.present? && !request.referer.to_s.include?(request.host.to_s.gsub("www.","")) normal_status(-1, "参数缺失") if params[:download_url].blank? url = base_url.starts_with?("https:") ? params[:download_url].to_s.gsub("http:", "https:") : params[:download_url].to_s md5_file = Digest::MD5.hexdigest(params[:download_url])