NULL地址不允许预览
parent
af752cfa13
commit
d78351f72c
|
@ -3,7 +3,6 @@ package cn.keking.web.controller;
|
|||
import cn.keking.config.ConfigConstants;
|
||||
import cn.keking.model.ReturnResponse;
|
||||
import cn.keking.utils.KkFileUtils;
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.util.StreamUtils;
|
||||
|
@ -15,11 +14,14 @@ import org.springframework.web.multipart.MultipartFile;
|
|||
import org.springframework.web.util.HtmlUtils;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLDecoder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Paths;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
|
@ -41,7 +43,7 @@ public class FileController {
|
|||
private final String demoPath = demoDir + File.separator;
|
||||
|
||||
@PostMapping("/fileUpload")
|
||||
public ReturnResponse<Object> fileUpload(@RequestParam("file") MultipartFile file) throws JsonProcessingException {
|
||||
public ReturnResponse<Object> fileUpload(@RequestParam("file") MultipartFile file) {
|
||||
if (ConfigConstants.getFileUploadDisable()) {
|
||||
return ReturnResponse.failure("文件传接口已禁用");
|
||||
}
|
||||
|
@ -71,7 +73,7 @@ public class FileController {
|
|||
logger.error("创建文件夹【{}】失败,请检查目录权限!", fileDir + demoPath);
|
||||
}
|
||||
logger.info("上传文件:{}", fileDir + demoPath + fileName);
|
||||
try (InputStream in = file.getInputStream(); OutputStream out = new FileOutputStream(fileDir + demoPath + fileName)) {
|
||||
try (InputStream in = file.getInputStream(); OutputStream out = Files.newOutputStream(Paths.get(fileDir + demoPath + fileName))) {
|
||||
StreamUtils.copy(in, out);
|
||||
return ReturnResponse.success(null);
|
||||
} catch (IOException e) {
|
||||
|
@ -81,7 +83,15 @@ public class FileController {
|
|||
}
|
||||
|
||||
@GetMapping("/deleteFile")
|
||||
public ReturnResponse<Object> deleteFile(String fileName) throws JsonProcessingException {
|
||||
public ReturnResponse<Object> deleteFile(String fileName) {
|
||||
if (fileName == null || fileName.length() == 0) {
|
||||
return ReturnResponse.failure("文件名为空,删除失败!");
|
||||
}
|
||||
try {
|
||||
fileName = URLDecoder.decode(fileName, StandardCharsets.UTF_8.name());
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
if (fileName.contains("/")) {
|
||||
fileName = fileName.substring(fileName.lastIndexOf("/") + 1);
|
||||
}
|
||||
|
@ -99,7 +109,7 @@ public class FileController {
|
|||
}
|
||||
|
||||
@GetMapping("/listFiles")
|
||||
public List<Map<String, String>> getFiles() throws JsonProcessingException {
|
||||
public List<Map<String, String>> getFiles() {
|
||||
List<Map<String, String>> list = new ArrayList<>();
|
||||
File file = new File(fileDir + demoPath);
|
||||
if (file.exists()) {
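Review bot: In `deleteFile`, the name is URL-decoded and then cut only at the last `/`, so a backslash-separated name or a bare `..` is passed on unchanged, which matters when the service runs on Windows. Cut at whichever separator comes last, `int cut = Math.max(fileName.lastIndexOf('/'), fileName.lastIndexOf('\\'));` followed by `fileName = fileName.substring(cut + 1);`, and reject a result that is empty or equal to `..` before building the path. `URLDecoder.decode` also throws `IllegalArgumentException` on a malformed `%` escape, which the `catch (UnsupportedEncodingException e)` does not cover. That catch cannot fire for UTF-8 and should log through `logger` rather than `e.printStackTrace()`. The rest of `deleteFile` lies outside the hunk, so a later check may already cover part of this.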
|
||||
|
|
|
@ -23,7 +23,6 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.URL;
|
||||
import java.util.Arrays;
|
||||
|
@ -54,6 +53,10 @@ public class OnlinePreviewController {
|
|||
|
||||
@GetMapping( "/onlinePreview")
|
||||
public String onlinePreview(String url, Model model, HttpServletRequest req) {
|
||||
if (url == null || url.length() == 0){
|
||||
logger.info("URL异常:{}", url);
|
||||
return otherFilePreview.notSupportedFile(model, "NULL地址不允许预览");
|
||||
}
|
||||
String fileUrl;
|
||||
try {
|
||||
fileUrl = WebUtils.decodeUrl(url);
|
||||
|
@ -69,12 +72,12 @@ public class OnlinePreviewController {
|
|||
}
|
||||
|
||||
@GetMapping( "/picturesPreview")
|
||||
public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException {
|
||||
String fileUrls;
|
||||
public String picturesPreview(String urls, Model model, HttpServletRequest req) {
|
||||
if (urls == null || urls.length() == 0){
|
||||
logger.info("URL异常:{}", urls);
|
||||
return otherFilePreview.notSupportedFile(model, "NULL地址不允许预览:");
|
||||
return otherFilePreview.notSupportedFile(model, "NULL地址不允许预览");
|
||||
}
|
||||
String fileUrls;
|
||||
try {
|
||||
fileUrls = WebUtils.decodeUrl(urls);
|
||||
// 防止XSS攻击
|
||||
|
@ -106,7 +109,14 @@ public class OnlinePreviewController {
|
|||
* @param response response
|
||||
*/
|
||||
@GetMapping("/getCorsFile")
|
||||
public void getCorsFile(String urlPath, HttpServletResponse response) {
|
||||
public void getCorsFile(String urlPath, HttpServletResponse response) throws IOException {
|
||||
if (urlPath == null || urlPath.length() == 0){
|
||||
logger.info("URL异常:{}", urlPath);
|
||||
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
|
||||
response.setHeader("Content-Type", "text/html; charset=UTF-8");
|
||||
response.getWriter().println("NULL地址不允许预览");
|
||||
return;
|
||||
}
|
||||
try {
|
||||
urlPath = WebUtils.decodeUrl(urlPath);
|
||||
} catch (Exception ex) {
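Review bot: The new guards in `onlinePreview`, `picturesPreview` and `getCorsFile` reject only null and zero-length input and run before `WebUtils.decodeUrl`, so a whitespace-only value, or one that decodes to an empty string, still continues into the preview or fetch path. Using `if (!StringUtils.hasText(urlPath))` (Spring's `org.springframework.util.StringUtils`) and repeating the check on the decoded value would close that. In `getCorsFile` the fixed message is sent as `text/html`; `text/plain; charset=UTF-8` is the safer content type for an error body. Whether the decoded URL is restricted to allowed schemes and hosts before the server fetches it is not visible in these hunks and is worth confirming, since all three method bodies continue outside them.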
|
||||
|
|