250527-2

routers/api/dataManagement/__init__.py

@@ -250,15 +250,17 @@ async def generate_import_template(table_id: int, db: Session = Depends(get_db))
 
 # 数据批量导入
 @router.post("/import_data/{table_id}")
-async def import_data(table_id: int, filename :str, db: Session = Depends(get_db)):
+async def import_data(table_id: int,
+    body = Depends(remove_xss_json), db: Session = Depends(get_db)):
     # 获取表结构
     table_structure = get_data_field(table_id, db)
     table_name = table_structure["table_name"]
     schema_name = table_structure["schema_name"]
     columns = table_structure["columns"]
+    filename = body['filename']
     if '../' in filename or '/' in filename:
         return JSONResponse(status_code=400, content={'code': 400, "msg": '警告：禁止篡改文件路径'})
-    file_path = f'/data/upload/mergefile/{filename}'
+    file_path = f'/data/upload/mergefile/uploads/{filename}'
     if not os.path.exists(file_path):
         return JSONResponse(status_code=404, content={'code': 404, 'msg': f"文件不存在"})
         # print("文件不存在，请检查路径！")