Commit 5d7703bb by Lenovo

添加下载路径限制

parent 74cff147
......@@ -79,6 +79,7 @@ public class SecurityPropertyPlaceholderConfigurer extends PropertyPlaceholderCo
public static void main(String[] args) {
System.out.println(DES3Utils.encrypt("foctest", CONF_DESC_KEY));
System.out.println(DES3Utils.decrypt("69872b2310ba9b30470ce46682151021e825c3909c394aa5f4387123bdbfa67e", CONF_DESC_KEY));
System.out.println(DES3Utils.decrypt("35824f37e331a42e669a52e248d88ffb6474030c906ec914", CONF_DESC_KEY));
System.out.println(DES3Utils.decrypt("6f2237c231b1464c6474030c906ec914", CONF_DESC_KEY));
}
}
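Review bot: The `decrypt` calls in `main` hard-code what look like encrypted configuration values right next to `CONF_DESC_KEY`, so if that key is a constant of this class (its definition is outside the hunk), the source tree alone is enough to recover the plaintexts. The +/- markers are lost in this rendering, so it is not visible which of these lines the commit adds, but the concern applies to every literal here. Consider removing `main` from the production class; if a helper is needed, keep it in a developer-only tool that takes the value from its arguments, e.g. `System.out.println(DES3Utils.decrypt(args[0], CONF_DESC_KEY));`. The values already committed should be treated as exposed and rotated.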
......@@ -38,11 +38,10 @@ import java.util.List;
import java.util.Map;
/**
* @team IT Team
* @author renmb
* @version 1.0
* @team IT Team
* @time 2016-03-22
*
*/
@Controller
@RequestMapping(value = "/api/upload")
......@@ -55,11 +54,11 @@ public class UploadController {
/**
* 使用BASE64上传文件
*
* @author renmb
* @time 2016年11月1日
* @param request
* @param requestBean
* @return
* @author renmb
* @time 2016年11月1日
*/
@ResponseBody
@RequestMapping("/base64")
......@@ -284,7 +283,11 @@ public class UploadController {
InputStream in = null;
OutputStream out = null;
try {
if (bean.getPath() != null) {
if (bean.getPath().indexOf("../") != -1) {
return;
}
}
// 设置文件MIME类型
response.setContentType("application/form-data;charset=utf-8");
// String downloadFileName=Encodes.urlEncode(bean.getName());
......@@ -302,8 +305,8 @@ public class UploadController {
// 获取目标文件的绝对路径
// String fullFileName = GConstants.FILE_UPLOAD_DIR + bean.getPath();
File downloadFile = new File(GConstants.FILE_UPLOAD_DIR, bean.getPath());
LOG.error("文件下载地址:"+downloadFile.getAbsolutePath());
System.out.println("文件下载地址:"+downloadFile.getAbsolutePath());
LOG.error("文件下载地址:" + downloadFile.getAbsolutePath());
System.out.println("文件下载地址:" + downloadFile.getAbsolutePath());
// 读取文件
in = new FileInputStream(downloadFile);
out = response.getOutputStream();
......@@ -324,7 +327,7 @@ public class UploadController {
}
}
// public static String GetImageStr(String imgFile)
// public static String GetImageStr(String imgFile)
// {//将图片文件转化为字节数组字符串,并对其进行Base64编码处理
//// String imgFile = "d://test.jpg";//待处理的图片
// InputStream in = null;
......@@ -400,12 +403,12 @@ public class UploadController {
@RequestMapping("/verifFile")
public ResponseBean verifFile(HttpServletRequest request, RequestBean requestBean) {
ResponseBean responseBean = new ResponseBean();
String stream=request.getParameter("fileStream");
String filePath=request.getParameter("filePath");
String fileDir=request.getParameter("fileDir");
String stream = request.getParameter("fileStream");
String filePath = request.getParameter("filePath");
String fileDir = request.getParameter("fileDir");
ByteArrayInputStream bais = null;
FileOutputStream ostream = null;
try{
try {
byte buf[] = stream.getBytes("utf-8");
bais = new ByteArrayInputStream(buf);
POIFSFileSystem poifs = new POIFSFileSystem();
......@@ -413,12 +416,11 @@ public class UploadController {
directory.createDocument("WordDocument", bais);
// 文件保存地址
File uploadFilePath = new File(GConstants.FILE_UPLOAD_DIR,filePath);
if(uploadFilePath.exists())
{
File uploadFilePath = new File(GConstants.FILE_UPLOAD_DIR, filePath);
if (uploadFilePath.exists()) {
return responseBean;
}
File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR,fileDir);
File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, fileDir);
if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
baseUploadDir.mkdirs();
}
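Review bot: The added `indexOf("../")` guard in the download method is a substring blacklist, so it does not cover `..\` separators (relevant if the server runs on Windows, which the `d://test.jpg` comment hints at), and a null path still reaches `new File(GConstants.FILE_UPLOAD_DIR, bean.getPath())` in the next hunk. Resolve the requested file to its canonical form, require it to stay under the canonical upload directory, and answer a rejected request with an error status instead of a bare `return`, as sketched below. `verifFile` in the same file builds `uploadFilePath` and `baseUploadDir` from the `filePath` and `fileDir` request parameters with no check at all, so the same containment test is needed there before `exists()` and `mkdirs()`. The method enclosing the download check starts and ends outside the hunks shown, so the sketch assumes `response` is an `HttpServletResponse` and that the existing `try` already handles `IOException`.

```java
try {
    String requested = bean.getPath();
    if (requested == null) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    // assumes FILE_UPLOAD_DIR is a String path, as the commented-out concatenation suggests
    File baseDir = new File(GConstants.FILE_UPLOAD_DIR).getCanonicalFile();
    File downloadFile = new File(baseDir, requested).getCanonicalFile();
    // Path.startsWith compares whole path elements, so a sibling directory sharing the prefix is rejected too
    if (!downloadFile.toPath().startsWith(baseDir.toPath())) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    // … unchanged: content type, headers, logging, stream copy (reuse downloadFile instead of constructing it again) …
```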
......