Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
修复issue#34中的bug
问题的根源在于TreeMethod.java中的searchNode()有可能把上级子树中同名文件当成我们希望打开的文件。
bug复现:PHP一句话webshell位于/var/www/dvwa/hackable/uploads
我们有一个user文件夹(/var/www/dvwa/hackable/user/user/),我们想从其父目录(/var/www/dvwa/hackable/user/)中,通过右侧窗口通过右弹出键菜单栏-打开。
于此同时,存在另一个目录(/var/www/dvwa/users/).
在(/var/www/dvwa/hackable/user/)中,通过右侧窗口通过右键弹出菜单栏-打开进入(/var/www/dvwa/hackable/user/user/)时,会发现右侧区域正确进入了(/var/www/dvwa/hackable/user/user/)。左侧的目录树路径却进入了(/var/www/dvwa/hackable/user/).
原因在于,searchNode(root, name)方法通过广度优先搜索寻找名字为name的节点(此处的name不包含路径,因此在上述例子中,name为user)。该方法一旦找到name的同名节点就直接return,因此,在上例中(/var/www/dvwa/hackable/user/)节点被返回给左侧,然而我们希望返回(/var/www/dvwa/hackable/user/user/)...
目录结构见截图:
所以,我在TreeMethod.java中新增了一个searchNodeByAbsolutePath(root,abpath)方法,并在FileManagerPopMenu.java中用它替换掉searchNode(root,name)方法。
新的方法根据节点相对于根节点的绝对路径abpath来判断是否return,而非依据name,经过测试,该BUG已经修复。
谨慎起见,原searchNode(root,name),我仍然保留,其他调用searchNode(root,name)方法的文件我也未修改