gitee
/
file-online-preview
mirror of https://gitee.com/kekingcn/file-online-preview
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

修复加号被转换成空格导致Base64解码出错 (#340) 

* 修复url中加号被替换为空格导致的Base64解码出错

* Base64解码抽象到工具类

* #340 补充注释
pom
gkchp 2 years ago committed by GitHub
parent
86960e3813
commit
35a8c4a5a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 34 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 35
      server/src/main/java/cn/keking/utils/WebUtils.java
  2. 6
      server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java

35
server/src/main/java/cn/keking/utils/WebUtils.java
Unescape View File

@ -9,6 +9,7 @@ import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
@ -156,22 +157,48 @@ public class WebUtils {
String currentUrl = request.getParameter("currentUrl");
String urlPath = request.getParameter("urlPath");
if (StringUtils.isNotBlank(url)) {
return new String(Base64Utils.decodeFromString(url), StandardCharsets.UTF_8);
return decodeBase64String(url);
}
if (StringUtils.isNotBlank(currentUrl)) {
return new String(Base64Utils.decodeFromString(currentUrl), StandardCharsets.UTF_8);
return decodeBase64String(currentUrl);
}
if (StringUtils.isNotBlank(urlPath)) {
return new String(Base64Utils.decodeFromString(urlPath), StandardCharsets.UTF_8);
return decodeBase64String(urlPath);
}
if (StringUtils.isNotBlank(urls)) {
urls = new String(Base64Utils.decodeFromString(urls), StandardCharsets.UTF_8);
urls = decodeBase64String(urls);
String[] images = urls.split("\\|");
return images[0];
}
return null;
}
/**
* Base64 字符串解码默认使用 UTF-8
* @param source 原始 Base64 字符串
* @return decoded string
*/
public static String decodeBase64String(String source) {
return decodeBase64String(source, StandardCharsets.UTF_8);
}
/**
* Base64 字符串使用指定字符集解码
* @param source 原始 Base64 字符串
* @param charsets 字符集
* @return decoded string
*/
public static String decodeBase64String(String source, Charset charsets) {
/*
* url 传入的参数里加号会被替换成空格导致解析出错这里需要把空格替换回加号
* 有些 Base64 实现可能每 76 个字符插入换行符也一并去掉
* https://github.com/kekingcn/kkFileView/pull/340
*/
return new String(Base64Utils.decodeFromString(
source.replaceAll(" ", "+").replaceAll("\n", "")
), charsets);
}
/**
* 获取 url host
* @param urlStr url

6
server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
Unescape View File

@ -56,7 +56,7 @@ public class OnlinePreviewController {
public String onlinePreview(String url, Model model, HttpServletRequest req) {
String fileUrl;
try {
fileUrl = new String(Base64.decodeBase64(url), StandardCharsets.UTF_8);
fileUrl = WebUtils.decodeBase64String(url);
} catch (Exception ex) {
String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "url");
return otherFilePreview.notSupportedFile(model, errorMsg);
@ -72,7 +72,7 @@ public class OnlinePreviewController {
public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException {
String fileUrls;
try {
fileUrls = new String(Base64.decodeBase64(urls));
fileUrls = WebUtils.decodeBase64String(urls);
// 防止XSS攻击
fileUrls = HtmlUtils.htmlEscape(fileUrls);
} catch (Exception ex) {
@ -106,7 +106,7 @@ public class OnlinePreviewController {
@GetMapping("/getCorsFile")
public void getCorsFile(String urlPath, HttpServletResponse response) {
try {
urlPath = new String(Base64.decodeBase64(urlPath), StandardCharsets.UTF_8);
urlPath = WebUtils.decodeBase64String(urlPath);
} catch (Exception ex) {
logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex);
return;

Write Preview
Loading…
Cancel
Save