fix: 修复文件下载越权漏洞

08783679 · Cano1997 · 446b00d6 · 08783679 · 08783679 · 08783679
--- a/@EDITOR/文件上传（磁盘文件）/EDITOR.vue.ftl
+++ b/@EDITOR/文件上传（磁盘文件）/EDITOR.vue.ftl
 <disk-file-upload
    :data="data"
+    :appEntityService="appEntityService"
+    :context="context"
    formItemName="${item.name}"
    :value="data.${item.name}"
    :formState="formState"

--- a/@EDITOR/文件上传/EDITOR.vue.ftl
+++ b/@EDITOR/文件上传/EDITOR.vue.ftl
@@ -2,6 +2,8 @@
    ${editor.render.code}
 <#else>
 <app-file-upload
+  :appEntityService="appEntityService"
+  :context="context"
  :limit="<#if editor.getEditorParam('limit','') != ''>${editor.getEditorParam('limit','')}<#else>9999</#if>"
  :accept="'<#if editor.getEditorParam('accept','') != ''>${editor.getEditorParam('accept','')}<#else>*</#if>'"
  :formState="formState"
@@ -11,6 +13,7 @@
  name='${editor.name}'
  :value="data.${editor.name}"
  :disabled="detailsModel.${editor.name}.disabled"
+  :ownerid="<#if item.getEditorParam("ownerid",'') != ''>'${item.getEditorParam("ownerid",'')}'<#else>data.srfkey</#if>"
  :uploadparams='<#if editor.getEditorParam('uploadparams','') != ''>${editor.getEditorParam('uploadparams','')}<#else>{}</#if>'
  :exportparams='<#if editor.getEditorParam('exportparams','') != ''>${editor.getEditorParam('exportparams','')}<#else>{}</#if>'
  :multiple='<#if editor.getEditorParam('multiple','') != ''>${editor.getEditorParam('multiple','')}<#else>true</#if>'

--- a/@EDITOR/文件上传（信息展示）/EDITOR.vue.ftl
+++ b/@EDITOR/文件上传（信息展示）/EDITOR.vue.ftl
-<app-upload-file-info name='${editor.name}' :value="data.${editor.name}" style="${editor.getEditorCssStyle()}"></app-upload-file-info>
+<app-upload-file-info 
\ No newline at end of file
+    :appEntityService="appEntityService" 
+    :context="context"
+    name='${editor.name}' 
+    :value="data.${editor.name}"
+    :ownerid="<#if item.getEditorParam("ownerid",'') != ''>'${item.getEditorParam("ownerid",'')}'<#else>data.srfkey</#if>"
+    style="${editor.getEditorCssStyle()}">
+</app-upload-file-info>
\ No newline at end of file
--- a/@EDITOR/文件上传（支持拖拽）/EDITOR.vue.ftl
+++ b/@EDITOR/文件上传（支持拖拽）/EDITOR.vue.ftl
 <app-file-upload
+  :appEntityService="appEntityService"
+  :context="context"
  :isdrag="true"
  :limit="<#if editor.getEditorParam('limit','') != ''>${editor.getEditorParam('limit','')}<#else>9999</#if>"
  :accept="'<#if editor.getEditorParam('accept','') != ''>${editor.getEditorParam('accept','')}<#else>*</#if>'"
@@ -9,6 +11,7 @@
  name='${editor.name}'
  :value="data.${editor.name}"
  :disabled="detailsModel.${editor.name}.disabled"
+  :ownerid="<#if item.getEditorParam("ownerid",'') != ''>'${item.getEditorParam("ownerid",'')}'<#else>data.srfkey</#if>"
  :uploadparams='<#if editor.getEditorParam('uploadparams','') != ''>${editor.getEditorParam('uploadparams','')}<#else>{}</#if>'
  :exportparams='<#if editor.getEditorParam('exportparams','') != ''>${editor.getEditorParam('exportparams','')}<#else>{}</#if>'
  :multiple='<#if editor.getEditorParam('multiple','') != ''>${editor.getEditorParam('multiple','')}<#else>true</#if>'