From ccaba78e8d5782f35db546b4dc814bce839a7838 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AB=98=E9=9B=84?= Date: Fri, 28 Jul 2023 06:42:13 +0000 Subject: [PATCH] =?UTF-8?q?=E8=B7=A8=E5=9F=9F=E6=96=B9=E6=B3=95=20?= =?UTF-8?q?=E6=94=AF=E6=8C=81=E9=87=8D=E5=AE=9A=E5=90=91=20=E8=B7=A8?= =?UTF-8?q?=E5=9F=9F=E6=96=B9=E6=B3=95=20=E6=94=AF=E6=8C=81=E9=87=8D?= =?UTF-8?q?=E5=AE=9A=E5=90=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 高雄 --- .../controller/OnlinePreviewController.java | 37 +++++++++++++++++-- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java index cb15ba10..ca95d62a 100644 --- a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java +++ b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java @@ -30,8 +30,11 @@ import javax.servlet.http.HttpServletResponse; import java.awt.image.RenderedImage; import java.io.IOException; import java.io.InputStream; +import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; import java.net.URL; +import java.net.URLDecoder; +import java.nio.charset.StandardCharsets; import java.text.SimpleDateFormat; import java.util.Arrays; import java.util.Date; @@ -63,6 +66,7 @@ public class OnlinePreviewController { @GetMapping( "/onlinePreview") public String onlinePreview(String url, Model model, HttpServletRequest req) { + String fileUrl; try { fileUrl = WebUtils.decodeUrl(url); @@ -121,6 +125,7 @@ public class OnlinePreviewController { } HttpURLConnection urlcon = null; InputStream inputStream = null; + String urlStr; assert urlPath != null; if (!urlPath.toLowerCase().startsWith("http") && !urlPath.toLowerCase().startsWith("https") && !urlPath.toLowerCase().startsWith("ftp")) { logger.info("读取跨域文件异常,可能存在非法访问,urlPath:{}", urlPath); 
@@ -135,19 +140,43 @@ public class OnlinePreviewController {
 urlcon.setReadTimeout(30000);
 urlcon.setInstanceFollowRedirects(false);
 int responseCode = urlcon.getResponseCode();
+ if ( responseCode == 403 || responseCode == 500) { //403 500
+ logger.error("读取跨域文件异常,url:{},错误:{}", urlPath,responseCode);
+ return ;
+ }
 if (responseCode == HttpURLConnection.HTTP_MOVED_PERM || responseCode == HttpURLConnection.HTTP_MOVED_TEMP) { //301 302
 url =new URL(urlcon.getHeaderField("Location"));
 urlcon=(HttpURLConnection)url.openConnection();
+ } if (responseCode == 404 ) { //404
+ try {
+ urlStr = URLDecoder.decode(urlPath, StandardCharsets.UTF_8.name());
+ urlStr = URLDecoder.decode(urlStr, StandardCharsets.UTF_8.name());
+ url = WebUtils.normalizedURL(urlStr);
+ urlcon=(HttpURLConnection)url.openConnection();
+ urlcon.setConnectTimeout(30000);
+ urlcon.setReadTimeout(30000);
+ urlcon.setInstanceFollowRedirects(false);
+ responseCode = urlcon.getResponseCode();
+ if (responseCode == HttpURLConnection.HTTP_MOVED_PERM || responseCode == HttpURLConnection.HTTP_MOVED_TEMP) { //301 302
+ url =new URL(urlcon.getHeaderField("Location"));
+ }
+ if(responseCode == 404 ||responseCode == 403 || responseCode == 500 ){
+ logger.error("读取跨域文件异常,url:{},错误:{}", urlPath,responseCode);
+ return ;
+ }
+ } catch (UnsupportedEncodingException e) {
+ e.printStackTrace();
+ }finally {
+ assert urlcon != null;
+ urlcon.disconnect();
+ }
 }
- if (responseCode == HttpURLConnection.HTTP_NOT_FOUND ||responseCode == HttpURLConnection.HTTP_FORBIDDEN || responseCode == HttpURLConnection.HTTP_INTERNAL_ERROR ) { //403 404 500
- logger.error("读取跨域文件异常,url:{},错误:{}", urlPath,responseCode);
- } else {
 if(urlPath.contains( ".svg")) {
 response.setContentType("image/svg+xml");
 }
 inputStream=(url).openStream();
 IOUtils.copy(inputStream, response.getOutputStream());
- }
+
 } catch (IOException | GalimatiasParseException e) {
 logger.error("读取跨域文件异常,url:{}", urlPath);
 } finally {
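Review bot: In the new 404 retry branch the redirect target from `url =new URL(urlcon.getHeaderField("Location"));` is later handed to `(url).openStream()` without the `http`/`https`/`ftp` prefix check that the earlier hunk applies only to the original `urlPath`, so the remote origin decides which scheme and host this server fetches from (server-side request forgery, and `openStream()` is not limited to HTTP). Re-validate every redirect target before use, for example `String p = url.getProtocol(); if (!"http".equals(p) && !"https".equals(p)) { return; }`, apply whatever host policy the project enforces on `urlPath` (not visible in this hunk), and treat a missing `Location` header as an error. The double `URLDecoder.decode` also runs after that prefix check, so validation performed on the encoded `urlPath` does not cover the decoded `urlStr`; the check belongs after decoding and normalisation. `e.printStackTrace()` in the new catch should go through `logger.error(..., e)` like the other branches, and note that the method starts before and continues after this hunk.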