From dd65564af65a382acab86a968f03fe0ec28dd22e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=88=E7=B2=BE=E5=8D=8E?= <842761733@qq.com>
Date: Thu, 21 Jul 2022 11:27:06 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DgetCorsFile=E6=8E=A5=E5=8F=A3?= =?UTF-8?q?=E6=9C=AA=E5=8A=A0base64=E7=BC=96=E7=A0=81(filter=E4=B8=AD?= =?UTF-8?q?=E8=A7=A3=E7=A0=81=E5=BC=82=E5=B8=B8)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../cn/keking/web/controller/OnlinePreviewController.java | 6 ++++++
 server/src/main/resources/web/pdf.ftl | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
index 3b919a97..1848cada 100644
--- a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
+++ b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
@@ -106,6 +106,12 @@ public class OnlinePreviewController {
 */
 @RequestMapping(value = "/getCorsFile", method = RequestMethod.GET)
 public void getCorsFile(String urlPath, HttpServletResponse response) {
+ try {
+ urlPath = new String(Base64.decodeBase64(urlPath), StandardCharsets.UTF_8);
+ } catch (Exception ex) {
+ logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath, ex));
+ return;
+ }
 if (urlPath == null || urlPath.toLowerCase().startsWith("file:") || urlPath.toLowerCase().startsWith("file%3") || !urlPath.toLowerCase().startsWith("http")) {
 logger.info("读取跨域文件异常,可能存在非法访问,urlPath:{}", urlPath);
 return;
diff --git a/server/src/main/resources/web/pdf.ftl b/server/src/main/resources/web/pdf.ftl
index 7827fcb6..782a0d5a 100644
--- a/server/src/main/resources/web/pdf.ftl
+++ b/server/src/main/resources/web/pdf.ftl
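Review bot: In `getCorsFile` (OnlinePreviewController.java) the decoded `urlPath` is still accepted on a string-prefix test alone: `startsWith("http")` pins neither the exact scheme nor the host, so if the rest of the method (outside this hunk) fetches the URL server-side, internal addresses remain reachable through this endpoint. Parsing the decoded value with `java.net.URI`, requiring the scheme to equal `http` or `https`, and checking the host against the deployment's trusted-host list before any fetch would close that gap. The new catch branch also returns without setting a response status and pushes the raw request parameter and `ex` through `String.format`, which loses the stack trace; `logger.error("base64 decode of urlPath failed", ex);` followed by `response.setStatus(HttpServletResponse.SC_BAD_REQUEST);` would be clearer. If `Base64` here is the commons-codec class, `decodeBase64` does not throw on malformed input, so this branch is probably reached mainly when `urlPath` is null, which would leave the later `urlPath == null` test unreachable.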
@@ -25,7 +25,7 @@
 var url = '${finalUrl}';
 var baseUrl = '${baseUrl}'.endsWith('/') ? '${baseUrl}' : '${baseUrl}' + '/';
 if (!url.startsWith(baseUrl)) {
- url = baseUrl + 'getCorsFile?urlPath=' + encodeURIComponent(url);
+ url = baseUrl + 'getCorsFile?urlPath=' + encodeURIComponent(Base64.encode(url));
 }
 document.getElementsByTagName('iframe')[0].src = "${baseUrl}pdfjs/web/viewer.html?file=" + encodeURIComponent(url) + "&disablepresentationmode=${pdfPresentationModeDisable}&disableopenfile=${pdfOpenFileDisable}&disableprint=${pdfPrintDisable}&disabledownload=${pdfDownloadDisable}&disablebookmark=${pdfBookmarkDisable}";
 document.getElementsByTagName('iframe')[0].height = document.documentElement.clientHeight - 10;
@@ -52,4 +52,4 @@ initWaterMark(); }
-
\ No newline at end of file
+
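Review bot: `Base64.encode` is called on the changed line of pdf.ftl, but nothing in this hunk shows where a `Base64` global comes from. The diffstat for pdf.ftl has no added script include, so this presumably relies on a library the page already loads; if it is absent, the script stops before the iframe `src` is assigned. It is also worth confirming that this encoder emits UTF-8 bytes, because the controller decodes with `StandardCharsets.UTF_8` and a URL with non-ASCII characters would otherwise come out altered. Separately, the context line `var url = '${finalUrl}';` places a server-supplied value inside a JavaScript string literal; unless output escaping is configured elsewhere, `var url = '${finalUrl?js_string}';` keeps a quote in the value from closing the literal.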