From a40643e828f766abe2d4413eda6caa07db319bfc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=BA=81=E5=8A=A8=E7=9A=84=E6=B0=A8=E6=B0=94?= <131591012+zaodonganqi@users.noreply.github.com>
Date: Mon, 15 Dec 2025 01:32:10 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E8=99=9A=E6=8B=9F=E5=9F=9F?= =?UTF-8?q?=E5=90=8D=E6=83=85=E5=86=B5=E4=B8=8BREADME=E5=86=85=E5=9B=BE?= =?UTF-8?q?=E7=89=87=E8=8E=B7=E5=8F=96=E6=94=AF=E6=8C=81=20(#2552)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Core/Script/WebView/RepoWebBridge.cs | 36 ++++++++++++++++---
 1 file changed, 31 insertions(+), 5 deletions(-)
diff --git a/BetterGenshinImpact/Core/Script/WebView/RepoWebBridge.cs b/BetterGenshinImpact/Core/Script/WebView/RepoWebBridge.cs
index c6573843..eac1a69f 100644
--- a/BetterGenshinImpact/Core/Script/WebView/RepoWebBridge.cs
+++ b/BetterGenshinImpact/Core/Script/WebView/RepoWebBridge.cs
@@ -8,6 +8,7 @@ using BetterGenshinImpact.View.Windows;
 using BetterGenshinImpact.ViewModel.Message;
 using CommunityToolkit.Mvvm.Messaging;
 using Newtonsoft.Json.Linq;
+using System.Net;
 namespace BetterGenshinImpact.Core.Script.WebView;
@@ -25,6 +26,11 @@ public sealed class RepoWebBridge
 ".vue", ".css", ".html", ".csv", ".xml", ".yaml", ".yml", ".ini", ".config"
 };
+
+ private static readonly HashSet AllowedImageExtensions = new(StringComparer.OrdinalIgnoreCase)
+ {
+ ".png", ".jpg", ".jpeg", ".gif", ".webp", ".svg", ".bmp", ".ico"
+ };
 public async Task GetRepoJson()
 {
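Review bot: `.svg` is the one entry in `AllowedImageExtensions` that is not an inert raster format: an SVG document can contain script and external references, so whether serving it through this bridge is safe depends on how the page consumes the returned Base64 (an `img` element with a `data:` URI does not execute it; inlining the markup into the DOM does). A comment next to the entry recording that assumption, e.g. `// .svg can carry script: the page must render it via an img/data: URI, never inline it`, would keep the constraint visible to whoever changes the consumer. The declaration appears here as `HashSet AllowedImageExtensions` with no type argument, which looks like a rendering artefact of this page rather than the source; no action if so.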
@@ -75,25 +81,45 @@ public sealed class RepoWebBridge
 {
 try
 {
+ // URL 解码路径(处理中文文件名)
+ relPath = WebUtility.UrlDecode(relPath);
+
+ string filePath = Path.Combine(ScriptRepoUpdater.CenterRepoPath, "repo", relPath)
 .Replace(Path.AltDirectorySeparatorChar, Path.DirectorySeparatorChar);
+
+ // 验证解析后的路径在允许的目录范围内
+ string normalizedBasePath = Path.GetFullPath(Path.Combine(ScriptRepoUpdater.CenterRepoPath, "repo"));
+ string normalizedFilePath = Path.GetFullPath(filePath);
+ if (!normalizedFilePath.StartsWith(normalizedBasePath, StringComparison.OrdinalIgnoreCase))
+ {
+ return "404";
+ }
 if (!File.Exists(filePath))
 {
 return "404";
 }
- string extension = Path.GetExtension(filePath);
- return AllowedTextExtensions.Contains(extension)
- ? await File.ReadAllTextAsync(filePath)
- : "404";
+ string extension = Path.GetExtension(filePath).ToLower();
+
+ if (AllowedTextExtensions.Contains(extension))
+ {
+ return await File.ReadAllTextAsync(filePath);
+ }
+ else if (AllowedImageExtensions.Contains(extension))
+ {
+ byte[] bytes = await File.ReadAllBytesAsync(filePath);
+ return Convert.ToBase64String(bytes);
+ }
+
+ return "404";
 }
 catch
 {
 return "404";
 }
 }
-
+
 public async Task UpdateSubscribed(string path)
 {
 try
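Review bot: The containment check `if (!normalizedFilePath.StartsWith(normalizedBasePath, StringComparison.OrdinalIgnoreCase))` is a bare prefix test, so a sibling directory whose name merely begins with `repo` (constructed example: `{CenterRepoPath}/repo-old/...`) passes it; append a separator to the base before comparing, `if (!normalizedFilePath.StartsWith(normalizedBasePath + Path.DirectorySeparatorChar, StringComparison.OrdinalIgnoreCase))`, or use `Path.GetRelativePath(normalizedBasePath, normalizedFilePath)` and reject a result that is rooted or starts with `..`. The lines that follow still open `filePath` rather than `normalizedFilePath`; passing the normalized path to `File.Exists` and the read calls keeps the path that was checked identical to the path that is opened. `Path.GetExtension(filePath).ToLower()` is culture-sensitive (CA1304) and redundant because both sets use `StringComparer.OrdinalIgnoreCase`; drop the `.ToLower()` or use `ToLowerInvariant()`. `WebUtility.UrlDecode` is applied unconditionally, so a caller that already sends a decoded path containing a literal `%` would now get a 404 — a one-line comment stating that the bridge expects exactly one URL-encoded path would make that contract explicit. The enclosing method's signature is above the hunk, and the trailing `UpdateSubscribed` lines continue below it.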