From 127f759f16720b58a62de5e027fd507d8c9768e8 Mon Sep 17 00:00:00 2001
From: gaoxiongzaq <admin@cxcp.com>
Date: Sat, 3 Jun 2023 14:36:06 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E8=B7=A8=E5=9F=9F=E6=96=B9?=
 =?UTF-8?q?=E6=B3=95=E4=BB=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controller/OnlinePreviewController.java   | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
index ba11e216..ed29684a 100644
--- a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
+++ b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
@@ -109,9 +109,10 @@ public class OnlinePreviewController {
             logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex);
             return;
         }
-        HttpURLConnection urlcon;
+        HttpURLConnection urlcon = null;
         InputStream inputStream = null;
-        if (urlPath.toLowerCase().startsWith("file:") || urlPath.toLowerCase().startsWith("file%3")) {
+        assert urlPath != null;
+        if (!urlPath.toLowerCase().startsWith("http") && !urlPath.toLowerCase().startsWith("https") && !urlPath.toLowerCase().startsWith("ftp")) {
             logger.info("读取跨域文件异常，可能存在非法访问，urlPath：{}", urlPath);
             return;
         }
@@ -123,26 +124,25 @@ public class OnlinePreviewController {
                 urlcon.setConnectTimeout(30000);
                 urlcon.setReadTimeout(30000);
                 urlcon.setInstanceFollowRedirects(false);
-                if (urlcon.getResponseCode() == 302 || urlcon.getResponseCode() == 301) {
-                    urlcon.disconnect();
+                int responseCode = urlcon.getResponseCode();
+                if (responseCode == HttpURLConnection.HTTP_MOVED_PERM || responseCode == HttpURLConnection.HTTP_MOVED_TEMP) { //301 302
                     url =new URL(urlcon.getHeaderField("Location"));
                     urlcon=(HttpURLConnection)url.openConnection();
                 }
-                if (urlcon.getResponseCode() == 404 || urlcon.getResponseCode() == 403 || urlcon.getResponseCode() == 500 ) {
-                    logger.error("读取跨域文件异常，url：{}", urlPath);
-                    return ;
+                if (responseCode  == HttpURLConnection.HTTP_NOT_FOUND  ||responseCode  == HttpURLConnection.HTTP_FORBIDDEN  || responseCode == HttpURLConnection.HTTP_INTERNAL_ERROR ) { //403 404 500
+                    logger.error("读取跨域文件异常，url：{}，错误：{}", urlPath,responseCode);
                 } else {
                     if(urlPath.contains( ".svg")) {
                         response.setContentType("image/svg+xml");
                     }
                     inputStream=(url).openStream();
                     IOUtils.copy(inputStream, response.getOutputStream());
-                    urlcon.disconnect();
                 }
             } catch (IOException | GalimatiasParseException e) {
                 logger.error("读取跨域文件异常，url：{}", urlPath);
-                return ;
             } finally {
+                assert urlcon != null;
+                urlcon.disconnect();
                 IOUtils.closeQuietly(inputStream);
             }
         } else {
@@ -155,7 +155,6 @@ public class OnlinePreviewController {
                 IOUtils.copy(inputStream, response.getOutputStream());
             } catch (IOException | GalimatiasParseException e) {
                 logger.error("读取跨域文件异常，url：{}", urlPath);
-                return ;
             } finally {
                 IOUtils.closeQuietly(inputStream);
             }