From 75a46a14a8568f337e56c66f4f8110dffca3dde6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=AB=98=E9=9B=84?=
Date: Mon, 10 Apr 2023 09:33:22 +0000
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=A4=87=E6=A1=88=E4=BF=A1?= =?UTF-8?q?=E6=81=AF,=E7=A6=81=E6=AD=A2=E4=B8=8A=E4=BC=A0=E7=B1=BB?= =?UTF-8?q?=E5=9E=8B,=E5=88=A0=E9=99=A4=E6=94=AF=E6=8C=81=E5=AF=86?= =?UTF-8?q?=E7=A0=81=E5=8A=9F=E8=83=BD=20=E6=96=B0=E5=A2=9E=E5=A4=87?= =?UTF-8?q?=E6=A1=88=E4=BF=A1=E6=81=AF,=E7=A6=81=E6=AD=A2=E4=B8=8A?= =?UTF-8?q?=E4=BC=A0=E7=B1=BB=E5=9E=8B,=E5=88=A0=E9=99=A4=E6=94=AF?= =?UTF-8?q?=E6=8C=81=E5=AF=86=E7=A0=81=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 高雄
---
 .../keking/web/controller/FileController.java | 26 +++++++------------
 1 file changed, 9 insertions(+), 17 deletions(-)

diff --git a/server/src/main/java/cn/keking/web/controller/FileController.java b/server/src/main/java/cn/keking/web/controller/FileController.java
index b9bb5f47..0dcf2938 100644
--- a/server/src/main/java/cn/keking/web/controller/FileController.java
+++ b/server/src/main/java/cn/keking/web/controller/FileController.java
@@ -60,11 +60,15 @@ public class FileController {
 }
 
 @GetMapping("/deleteFile")
- public ReturnResponse deleteFile(String fileName) {
+ public ReturnResponse deleteFile(String fileName,String password) {
 ReturnResponse checkResult = this.deleteFileCheck(fileName);
 if (checkResult.isFailure()) {
 return checkResult;
 }
+ if(!ConfigConstants.getpassword().equalsIgnoreCase(password)){
+ logger.error("删除文件【{}】失败,密码错误!",fileName);
+ return ReturnResponse.failure("删除文件失败,密码错误!");
+ }
 fileName = checkResult.getContent().toString();
 File file = new File(fileDir + demoPath + fileName);
 logger.info("删除文件:{}", file.getAbsolutePath());
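Review bot: The new password check in deleteFile uses `equalsIgnoreCase`, which makes the secret case-insensitive and is not a constant-time comparison, and because the method stays a `@GetMapping` the password travels as a query parameter that ends up in URLs, access logs and browser history. Compare exactly and in constant time, e.g. `if (password == null || !MessageDigest.isEqual(ConfigConstants.getpassword().getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8))) {` (this needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported), and consider moving the delete to a POST or DELETE mapping with the password in the body or a header. If `ConfigConstants.getpassword()` can return null or an empty default, the current line would either throw or accept an empty password; that is not visible in this patch and should be confirmed. deleteFile's body continues past the end of the hunk.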
@@ -103,8 +107,10 @@ public class FileController {
 return ReturnResponse.failure("文件传接口已禁用");
 }
 String fileName = WebUtils.getFileNameFromMultipartFile(file);
-
- if (!isAllowedUpload(fileName)) {
+ if(fileName.lastIndexOf(".")==-1){
+ return ReturnResponse.failure("不允许上传的类型");
+ }
+ if (!KkFileUtils.isAllowedUpload(fileName)) {
 return ReturnResponse.failure("不允许上传的文件类型: " + fileName);
 }
 if (KkFileUtils.isIllegalFileName(fileName)) {
@@ -117,20 +123,6 @@ public class FileController {
 return ReturnResponse.success(fileName);
 }
 
- /**
- * 判断文件是否允许上传
- *
- * @param file 文件扩展名
- * @return 是否允许上传
- */
- private boolean isAllowedUpload(String file) {
- String fileType = KkFileUtils.suffixFromFileName(file);
- for (String type : not_allowed) {
- if (type.equals(fileType))
- return false;
- }
- return !ObjectUtils.isEmpty(fileType);
- }
 
 /**
 * 删除文件前校验
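Review bot: In the upload hunk (`@@ -103,8 +107,10 @@`) the added `fileName.lastIndexOf(".")==-1` guard only proves that a dot exists, so a name ending in `.` still reaches `KkFileUtils.isAllowedUpload` with an empty suffix, and a null result from `WebUtils.getFileNameFromMultipartFile` would throw on this line. The private helper removed by this commit rejected an empty suffix explicitly (`!ObjectUtils.isEmpty(fileType)`) and matched the deny list case-sensitively; whether the KkFileUtils version keeps the first behaviour and normalises case before matching is not visible in this patch and should be confirmed. A tighter guard would be `if (fileName == null || fileName.lastIndexOf('.') == -1 || fileName.endsWith(".")) {`. The enclosing upload method starts and ends outside this hunk.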