修复getCorsFile接口未加base64编码(filter中解码异常)

2 years ago · dd65564af6
2 changed files with 8 additions and 2 deletions
--- a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
+++ b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
@ -106,6 +106,12 @@ public class OnlinePreviewController {
     */
    @RequestMapping(value = "/getCorsFile", method = RequestMethod.GET)
    public void getCorsFile(String urlPath, HttpServletResponse response) {
+        try {
+            urlPath = new String(Base64.decodeBase64(urlPath), StandardCharsets.UTF_8);
+        } catch (Exception ex) {
+            logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath, ex));
+            return;
+        }
        if (urlPath == null || urlPath.toLowerCase().startsWith("file:") || urlPath.toLowerCase().startsWith("file%3") || !urlPath.toLowerCase().startsWith("http")) {
            logger.info("读取跨域文件异常，可能存在非法访问，urlPath：{}", urlPath);
            return;
--- a/server/src/main/resources/web/pdf.ftl
+++ b/server/src/main/resources/web/pdf.ftl
@ -25,7 +25,7 @@
    var url = '${finalUrl}';
    var baseUrl = '${baseUrl}'.endsWith('/') ? '${baseUrl}' : '${baseUrl}' + '/';
    if (!url.startsWith(baseUrl)) {
-        url = baseUrl + 'getCorsFile?urlPath=' + encodeURIComponent(url);
+        url = baseUrl + 'getCorsFile?urlPath=' + encodeURIComponent(Base64.encode(url));
    }
    document.getElementsByTagName('iframe')[0].src = "${baseUrl}pdfjs/web/viewer.html?file=" + encodeURIComponent(url) + "&disablepresentationmode=${pdfPresentationModeDisable}&disableopenfile=${pdfOpenFileDisable}&disableprint=${pdfPrintDisable}&disabledownload=${pdfDownloadDisable}&disablebookmark=${pdfBookmarkDisable}";
    document.getElementsByTagName('iframe')[0].height = document.documentElement.clientHeight - 10;
@ -52,4 +52,4 @@
        initWaterMark();
    }
 </script>
-</html>
+</html>