From 567c8a29711719ac52c65435d2a7f44e405d2bf5 Mon Sep 17 00:00:00 2001 From: ezio <54128896+eziosudo@users.noreply.github.com> Date: Fri, 24 Jun 2022 23:00:26 +0800 Subject: [PATCH] =?UTF-8?q?Issue-2176=20=E5=90=8E=E5=8F=B0=E9=80=9A?= =?UTF-8?q?=E8=BF=87=E6=89=A9=E5=B1=95=E5=90=8D=E8=BF=87=E6=BB=A4=E4=B8=8A?= =?UTF-8?q?=E4=BC=A0=E6=96=87=E4=BB=B6=20(#2187)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../admin/api/BackupController.java | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/src/main/java/run/halo/app/controller/admin/api/BackupController.java b/src/main/java/run/halo/app/controller/admin/api/BackupController.java index 9f3338539..c6cf04969 100644 --- a/src/main/java/run/halo/app/controller/admin/api/BackupController.java +++ b/src/main/java/run/halo/app/controller/admin/api/BackupController.java @@ -4,6 +4,7 @@ import static run.halo.app.service.BackupService.BackupType.JSON_DATA; import static run.halo.app.service.BackupService.BackupType.MARKDOWN; import static run.halo.app.service.BackupService.BackupType.WHOLE_SITE; +import com.google.common.collect.Lists; import io.swagger.annotations.ApiOperation; import java.io.IOException; import java.nio.file.Files; @@ -14,6 +15,8 @@ import java.util.Objects; import java.util.stream.Collectors; import javax.servlet.http.HttpServletRequest; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.io.FilenameUtils; +import org.apache.commons.lang3.StringUtils; import org.springframework.core.io.Resource; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; @@ -30,6 +33,7 @@ import org.springframework.web.bind.annotation.RestController; import org.springframework.web.multipart.MultipartFile; import run.halo.app.annotation.DisableOnCondition; import run.halo.app.config.properties.HaloProperties; +import run.halo.app.exception.BadRequestException; import run.halo.app.exception.NotFoundException; import run.halo.app.model.dto.BackupDTO; import run.halo.app.model.dto.post.BasePostDetailDTO; @@ -141,12 +145,21 @@ public class BackupController { backupService.deleteWorkDirBackup(filename); } - @PostMapping(value = "markdown/import", consumes = { - MediaType.TEXT_PLAIN_VALUE, - MediaType.TEXT_MARKDOWN_VALUE}) + @PostMapping(value = "markdown/import") @ApiOperation("Imports markdown") public BasePostDetailDTO backupMarkdowns(@RequestPart("file") MultipartFile file) throws IOException { + List supportType = Lists.newArrayList("md", "markdown", "mdown"); + String filename = file.getOriginalFilename(); + if (StringUtils.isEmpty(filename)) { + throw new BadRequestException("文件名不可为空").setErrorData(filename); + } + String extension = FilenameUtils.getExtension(filename).toLowerCase(); + if (!supportType.contains(extension)) { + throw new BadRequestException( + "不支持" + (StringUtils.isNotEmpty(extension) ? extension : "未知") + + "格式的文件上传").setErrorData(filename); + } return backupService.importMarkdown(file); }