高危漏洞修复

resources/esdk_ec_config.properties

@@ -2,10 +2,12 @@
 rest.url=http://218.241.234.131:8086
 
 #connection user name
-username=esdk_user
+username=f387adfd9ac040d78061c890ead8e215
+#username=esdk_user
 
 #connection user password
-password=Huawei@123
+#password=Huawei@123
+password=c49bc828b17297f1dbcfd394c7835dc6
 
 #gwIp
 gwIp=10.175.1.23

resources/jdbc.properties

@@ -3,8 +3,10 @@ db.table.prefix=foc_
 jdbc.type=mysql
 jdbc.driver.class=com.mysql.jdbc.Driver
 jdbc.url=jdbc:mysql://81.69.44.115:5508/jd_foc?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull
-jdbc.username=sms_develop
-jdbc.password=Develop2018!@#
+jdbc.username=b849656b41d3eb136ad6a9d7328d4e6a
+#jdbc.username=sms_develop
+#jdbc.password=Develop2018!@#
+jdbc.password=33c9745f057ba48a41d8043f1a007100
 #\u521d\u59cb\u5316\u8fde\u63a5
 jdbc.initialSize=0
 #\u8fde\u63a5\u6c60\u7684\u6700\u5927\u6d3b\u52a8\u4e2a\u6570  

resources/spring-context.xml

@@ -39,7 +39,7 @@
     
     <!-- Mybatis START -->
     <!-- 数据源配置, 使用Druid 数据库连接池 -->
-    <bean id="defaultDataSource" class="com.alibaba.druid.pool.DruidDataSource"
+    <bean id="defaultDataSource" class="com.ejweb.core.conf.DataBaseXml"
           init-method="init" destroy-method="close">
         <!-- 数据源驱动类可不写，Druid默认会自动根据URL识别DriverClass -->
         <property name="driverClassName" value="${jdbc.driver.class}" />

src/com/ejweb/core/api/ResponseBean.java

@@ -30,7 +30,11 @@ public class ResponseBean {
     private Object data;
     
     public ResponseBean(){
-        
+        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+        String origin = request.getHeader("Origin");
+        if (StrUtil.contains(origin, "https://ifos.jdair.net/")) {
+            throw new RuntimeException("接口请求源地址不在规定范围内");
+        }
     }
     public String getStatus() {
         return status;
@@ -48,11 +52,7 @@ public class ResponseBean {
         return data;
     }
     public void setData(Object data) {
-        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
-        String requestURI = request.getRequestURI();
-        if (StrUtil.contains(requestURI, "https://ifos.jdair.net/")) {
-            throw new RuntimeException("接口请求源地址不在规定范围内");
-        }
+
         this.data = data;
     }
     public String getCurrent() {

src/com/ejweb/core/conf/DataBaseXml.java

+package com.ejweb.core.conf;
+
+import cn.hutool.core.util.CharsetUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
+import cn.hutool.crypto.SmUtil;
+import cn.hutool.crypto.asymmetric.KeyType;
+import cn.hutool.crypto.asymmetric.SM2;
+import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
+import cn.hutool.crypto.symmetric.SymmetricCrypto;
+import com.alibaba.druid.pool.DruidDataSource;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.KeyPair;
+
+public class DataBaseXml extends DruidDataSource {
+
+    byte[] key =new byte[]{43, -113, 127, 14, -39, 99, -3, -26, 50, 31, -98, -61, -46, 61, 56, 120};
+
+    /**
+     * Log4j logger
+     */
+    private final static Logger lg = LoggerFactory.getLogger(DataBaseXml.class);
+
+    @Override
+    public String getUrl() {
+
+        return this.jdbcUrl;
+    }
+
+    @Override
+    public void setUrl(String jdbcUrl) {
+        this.jdbcUrl = jdbcUrl;
+    }
+
+    @Override
+    public String getUsername() {
+
+        return this.username;
+    }
+
+    @Override
+    public void setUsername(String username) {
+
+        lg.info("数据库【username】解密初始化加载...");
+        try {
+            SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, key);
+            username = aes.decryptStr(username, CharsetUtil.CHARSET_UTF_8);
+        } catch (Exception e) {
+
+            lg.error("数据库【username】密文解密失败...");
+            e.printStackTrace();
+
+        }
+        this.username = username;
+    }
+
+    @Override
+    public String getPassword() {
+
+        return this.password;
+    }
+
+    @Override
+    public void setPassword(String password) {
+
+
+        lg.info("数据库【password】解密初始化加载...");
+        try {
+            SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, key);
+            password = aes.decryptStr(password, CharsetUtil.CHARSET_UTF_8);
+        } catch (Exception e) {
+
+            lg.error("数据库【password】密文解密失败...");
+            e.printStackTrace();
+
+        }
+        this.password = password;
+    }
+
+
+
+}

src/com/ejweb/core/conf/GConstants.java

 package com.ejweb.core.conf;
 
+import cn.hutool.core.util.CharsetUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
+import cn.hutool.crypto.symmetric.SymmetricCrypto;
 import com.alibaba.druid.util.StringUtils;
 import com.ejweb.core.security.DES3Utils;
 import org.apache.commons.io.IOUtils;
@@ -85,7 +88,11 @@ public class GConstants {
     public static final String JDAIR_BASE_PARAM = GConstants.getValue("jdair.api.base.param", "");
     public static final String JDAIR_SMS_API = GConstants.getValue("jdair.api.sms.url", "http://user.jdair.net/ussinterface/uss/json/mobile/messSend.json?ai.cp=10.68.26.52&ai.cc=5");
 
-    private static final String CONF_DESC_KEY = "2012PinganVitality075522628888ForShenZhenBelter075561869839";
+//    private static final String CONF_DESC_KEY = "2012PinganVitality075522628888ForShenZhenBelter075561869839";
+
+    private static final String CONF_DESC_KEY = "9103efb684eb53b3951bb641ef0f353a74d52a439eb4fc90eb507db1d17b81321e10a31633d2fc3c547c3834f4143d1af11e8ac13aa32ae966e94d7ac1a1a33e";
+
+    private static byte[] KEY_BYTE =new byte[]{43, -113, 127, 14, -39, 99, -3, -26, 50, 31, -98, -61, -46, 61, 56, 120};
     public static final String JDBC_DRIVER_CLASS = "jdbc.driver.class";
     public static final String JDBC_URL = "jdbc.url";
     public static final String JDBC_USERNAME = "jdbc.username";
@@ -138,7 +145,9 @@ public class GConstants {
                 try {
                     String key = (String) enu.nextElement();
                     String val = (String) P.get(key);
-                    String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY);
+                    SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE);
+                    String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8);
+                    String decorded = DES3Utils.decrypt(val, key1);
                     if (decorded != null) {
                         P.put(key, decorded);
                     }
@@ -184,7 +193,7 @@ public class GConstants {
             // 临时文件夹路径
             if (P.getProperty("file.upload.dir") != null) {
                 String pathname = P.getProperty("file.upload.dir") + "tmp";
-                if (StrUtil.contains(pathname, "<")) {
+                if (StrUtil.contains(pathname, "../")||StrUtil.contains(pathname, "..\\")) {
                     throw new RuntimeException("临时文件夹路径配置错误");
                 }
                 File tmp = new File(pathname);
@@ -223,7 +232,7 @@ public class GConstants {
         String val = getValue(key);
         if (val == null)
             return want;
-        if(StrUtil.contains(val, "<")){
+        if(StrUtil.contains(val, "../")||StrUtil.contains(val, "..\\")){
             return want;
         }
         return val;

src/com/ejweb/core/conf/SecurityPropertyPlaceholderConfigurer.java

@@ -3,6 +3,9 @@
  */
 package com.ejweb.core.conf;
 
+import cn.hutool.core.util.CharsetUtil;
+import cn.hutool.crypto.symmetric.SymmetricAlgorithm;
+import cn.hutool.crypto.symmetric.SymmetricCrypto;
 import com.ejweb.core.security.DES3Utils;
 import com.ejweb.core.util.Util;
 import org.springframework.beans.BeansException;
@@ -20,7 +23,10 @@ import java.util.Properties;
  */
 public class SecurityPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
 
-    private static final String CONF_DESC_KEY = "2012PinganVitality075522628888ForShenZhenBelter075561869839";
+//    private static final String CONF_DESC_KEY = "2012PinganVitality075522628888ForShenZhenBelter075561869839";
+    private static final String CONF_DESC_KEY = "9103efb684eb53b3951bb641ef0f353a74d52a439eb4fc90eb507db1d17b81321e10a31633d2fc3c547c3834f4143d1af11e8ac13aa32ae966e94d7ac1a1a33e";
+
+    private static byte[] KEY_BYTE =new byte[]{43, -113, 127, 14, -39, 99, -3, -26, 50, 31, -98, -61, -46, 61, 56, 120};
 
     @Override
     protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props)
@@ -32,7 +38,9 @@ public class SecurityPropertyPlaceholderConfigurer extends PropertyPlaceholderCo
                 try {
                     String key = (String) enu.nextElement();
                     String val = (String) props.get(key);
-                    String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY);
+                    SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE);
+                    String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8);
+                    String decorded = DES3Utils.decrypt(val, key1);
                     if (decorded != null) {
                         props.put(key, decorded);
                     }

src/com/ejweb/core/file/Html2File.java

@@ -57,7 +57,7 @@ public class Html2File {
             // 待扩展名称的MOD5
             String md5 = date + Util.getRandom(100000, 999999) + ".doc";
             // 文件保存路径：基本路径+模块名称+日期
-            String baseDatePath = StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"<","");// FORMAT.format(System.currentTimeMillis());
+            String baseDatePath = StrUtil.replace(StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"../",""),"..\\","");// FORMAT.format(System.currentTimeMillis());
             String basePath =  "doc" +  GConstants.FS;
             // String outputFile =
             // baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5;
@@ -98,7 +98,7 @@ public class Html2File {
             bais = new ByteArrayInputStream(buf);
             
 //            String md5 = DigestUtils.md5Hex(buf);
-            String baseDir=StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"<","");
+            String baseDir=StrUtil.replace(StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"../",""),"..\\","");
             // 上传文件基本地址
             File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR,
                     baseDir);

src/com/ejweb/core/util/FileManipulation.java

@@ -104,7 +104,7 @@ public class FileManipulation {
        filename= filename.replaceAll("\\.\\./", "");
        filename= filename.replaceAll("\\.\\.\\\\", "");
        filename= filename.replaceAll("\\.\\.", "");
-       filename= StrUtil.replace(filename, "<", "");
+       filename= StrUtil.replace(StrUtil.replace(filename, "../", ""),"..\\","");
        return filename;
    }
    /**

src/com/ejweb/core/util/ImageUtil.java

@@ -109,7 +109,7 @@ public final class ImageUtil {
             }
 
             String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS;
-            if (StrUtil.contains(baseDatePath,"<")) {
+            if (StrUtil.contains(baseDatePath,"../")||StrUtil.contains(baseDatePath, "..\\")) {
                 return null;
             }
             // 验证文件安全
@@ -119,13 +119,14 @@ public final class ImageUtil {
                 baseUploadDir.mkdirs();
             }
             String fileName = IdWorker.getNextId() + "." + PNG;
-            if (StrUtil.contains(baseDatePath, "<")) {
+            if (StrUtil.contains(fileName, "../")||StrUtil.contains(fileName, "..\\")) {
                 return null;
             }
             String fullFileName = baseUploadDir + GConstants.FS + fileName;
             //        File uploadFilePath = new File(baseUploadDir, fileName);
             writeHighQuality(outImage, fullFileName);
-            return baseDatePath + fileName;
+            String fileNamePath = baseDatePath + fileName;
+            return StrUtil.replace(StrUtil.replace(fileNamePath,"../",""),"..\\","");
         } catch (Exception e) {
             e.printStackTrace();
         }
@@ -136,7 +137,7 @@ public final class ImageUtil {
     public static BufferedImage zoomImage(String src, int toWidth, int toHeight) {
 
         BufferedImage result = null;
-        if (StrUtil.contains(src, "<")) {
+        if (StrUtil.contains(src, "../")||StrUtil.contains(src, "..\\")) {
             return null;
         }
         try {
@@ -178,7 +179,7 @@ public final class ImageUtil {
 
     public static boolean writeHighQuality(BufferedImage im, String fileFullPath) {
         try {
-            if (StrUtil.contains(fileFullPath, "<")) {
+            if (StrUtil.contains(fileFullPath, "../")||StrUtil.contains(fileFullPath, "..\\")) {
                 return false;
             }
             // 验证文件安全
@@ -223,7 +224,7 @@ public final class ImageUtil {
                 // 验证文件安全
 
                 String path = FileManipulation.validateFile(paths.get(i));
-                if (StrUtil.contains(path, "<")) {
+                if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
                    continue;
                 }
                 File f = new File(path);
@@ -311,7 +312,7 @@ public final class ImageUtil {
             }
 
             String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS;
-            if (StrUtil.contains(baseDatePath, "<")) {
+            if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) {
                 return null;
             }
             File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath);
@@ -341,6 +342,9 @@ public final class ImageUtil {
      */
     public static BufferedImage resize(String filePath, int height, int width, boolean bb) {
         try {
+            if(StrUtil.contains(filePath, "../") || StrUtil.contains(filePath, "..\\")){
+                return null;
+            }
             double ratio = 0; // 缩放比例
             File f = new File(filePath);
             BufferedImage bi = ImageIO.read(f);

src/com/ejweb/core/util/PathFormatUtils.java

@@ -22,7 +22,7 @@ public class PathFormatUtils {
     private static Date currentDate = null;
     
     public static String parse ( String input ) {
-        input = StrUtil.replace(input, "<", "");
+        input = StrUtil.replace(StrUtil.replace(input, "../", ""),"..\\","");
         Pattern pattern = Pattern.compile( "\\{([^\\}]+)\\}", Pattern.CASE_INSENSITIVE  );
         Matcher matcher = pattern.matcher(input);
         
@@ -53,7 +53,7 @@ public class PathFormatUtils {
     }
 
     public static String parse ( String input, String filename ) {
-        input = StrUtil.replace(input, "<", "");
+        input = StrUtil.replace(StrUtil.replace(input, "../", ""),"..\\","");
         Pattern pattern = Pattern.compile( "\\{([^\\}]+)\\}", Pattern.CASE_INSENSITIVE  );
         Matcher matcher = pattern.matcher(input);
         String matchStr = null;

src/com/ejweb/core/util/PlanUtil.java

@@ -37,7 +37,8 @@ public class PlanUtil {
     public static  List<ConnectionPlan> planlist(String fileName,String filePath){
         //读取文件  
         try {
-            if (StrUtil.contains(filePath, "<")) {
+            if (StrUtil.contains(filePath, "../")||StrUtil.contains(filePath, "..\\")||
+                    StrUtil.contains(fileName, "../")||StrUtil.contains(fileName, "..\\")) {
                 return null;
             }
             //获取目标文件的绝对路径  
@@ -190,8 +191,8 @@ public class PlanUtil {
         }
         if(listm!=null&&listm.size()>0){
             Map<String, String> map=listm.get(0);
-           String fileName =StrUtil.replace( map.get("fileName"),"<","");
-           String filePath = StrUtil.replace(map.get("filePath"),"<","");
+           String fileName =StrUtil.replace(StrUtil.replace( map.get("fileName"),"../",""),"..\\","");
+           String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
          
            List<ConnectionPlan> lst= planlist( fileName, filePath);
            

src/com/ejweb/modules/route/api/RouteVerifyController.java

@@ -189,14 +189,6 @@ public class RouteVerifyController {
         return responseBean;
     }
 
-    public static void main(String[] args) {
-        String content = "<p>\r\n\t&lt;p&gt; &amp;lt;p&amp;gt; &amp;amp;lt;p style=&amp;amp;quot;text-indent:20pt;&amp;amp;quot;&amp;amp;gt; 6月30日，在首届世界智能大会的&amp;amp;amp;amp;ldquo;智能城市与社会论坛&amp;amp;amp;amp;rdquo;上，中新天津生态城管委会与太极计算机股份有限公司、中国智慧城市产业技术创新战略联盟、中国软件行业协会三家单位签署战略合作协议。今后，生态城将与各方在智慧城市建设等领域展开全方位战略合作，共同推进智慧民生、智慧管理和智慧经济快速发展。作为智能领域全球首个大型高端交流平台，世界智能大会不仅致力于打造世界级先进智能科技成果发布平台、创新合作平台、产业聚集平台和投融资对接平台，更重在智能领域促进中国与世界的交流合作，将先进的科技成果和发展理念引入国内。此次由中新天津生态城承办的&amp;amp;amp;amp;ldquo;智慧城市与社会论坛;，正是在创新、协调、绿色、开放、共享发展理念不断深入，城市与社会被赋予新内涵、新要求的大背景下，展开的一场以&amp;amp;amp;amp;ldquo;智慧城市与社会&amp;amp;amp;amp;rdquo;为主题的观点交锋和头脑风暴。&amp;amp;amp;lt;/p&amp;amp;amp;gt; &amp;amp;amp;lt;p style=&amp;amp;amp;quot;margin: 8px auto auto; padding: inherit; clear: both; line-height: 26px; color: rgb(128, 128, 128); font-family: Verdana, Arial, sans-serif, &amp;amp;amp;amp;quot;Times New Roman&amp;amp;amp;amp;quot;, 宋体; white-space: normal;&amp;amp;amp;quot;&amp;amp;amp;gt; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp;会议邀请到中国工程院院士李伯虎、阿里巴巴集团副总裁刘松、世界工程组织联合会（WFEO）当选主席Marlene Kanga等10余位国内外嘉宾，以主题演讲和高峰对话等形式，深入探讨了&amp;amp;amp;amp;ldquo;人工智能2.0&amp;amp;amp;amp;rdquo;、&amp;amp;amp;amp;ldquo;智能化思维构建行业大脑&amp;amp;amp;amp;rdquo;、&amp;amp;amp;amp;ldquo;智慧城市行业中智能技术的应用&amp;amp;amp;amp;rdquo;等热点话题，分享新型智慧城市规划、建设与管理运营理念,以及城市智慧治理与社会服务创新的相关成果，为200多位与会者献上了一场精彩的观点盛宴。&amp;amp;amp;lt;/p&amp;amp;amp;gt; &amp;amp;amp;lt;p style=&amp;amp;amp;quot;margin: 8px auto auto; padding: inherit; clear: both; line-height: 26px; color: rgb(128, 128, 128); font-family: Verdana, Arial, sans-serif, &amp;amp;amp;amp;quot;Times New Roman&amp;amp;amp;amp;quot;, 宋体; white-space: normal;&amp;amp;amp;quot;&amp;amp;amp;gt; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp;论坛上，中新天津生态城管委会与太极计算机股份有限公司、中国智慧城市产业技术创新战略联盟、中国软件行业协会三家单位签署战略合作协议，将在智慧城市运营管理，生态城大数据分析，推动科技、信息产业园区建设，共享产业专家智库等方面加强合作。双方今后将积极探索生态城的智慧城市建设、运营、管理新模式，以科技信息手段，助力生态城智慧城市体系建设，推动城市管理向立体化、精细化发展。与此同时，三家单位将充分发挥在各自领域的优势，结合生态城的发展实际和未来需求，推荐品牌企业入驻，通过建设具有国际领先水平的智慧城市智库、研发中心、创新创业基地、示范和体验基地，促进政、产、学、研、用等合作，推动技术创新成果产业转化，加速生态城智慧城市体系建设和产业转型升级。&amp;amp;amp;lt;/p&amp;amp;amp;gt; &amp;amp;amp;lt;p style=&amp;amp;amp;quot;margin: 8px auto auto; padding: inherit; clear: both; line-height: 26px; color: rgb(128, 128, 128); font-family: Verdana, Arial, sans-serif, &amp;amp;amp;amp;quot;Times New Roman&amp;amp;amp;amp;quot;, 宋体; white-space: normal;&amp;amp;amp;quot;&amp;amp;amp;gt; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp; &amp;amp;amp;amp;nbsp;作为中国、新加坡两国政府间的战略性合作项目，中新天津生态城一直致力于提升现有城市发展和服务水平，通过智慧城市综合应用中心、智慧城市大数据平台等项目，推动城市发展。生态城智慧城市项目自启动以来，各项目进展顺利。此次生态城与三家单位签署战略合作协议，将提高政府行政管理和服务能力，促进经济转型升级、培育智慧经济，加快生态城的智慧城市建设步伐。&amp;amp;amp;lt;/p&amp;amp;amp;gt;&amp;amp;lt;/p&amp;amp;gt;&amp;lt;/p&amp;gt;&lt;/p&gt;</p>";
-        if (content != null && content.indexOf(">") != -1 && content.lastIndexOf("<") != -1 && content.indexOf(">") < content.lastIndexOf("<")) {
-            content = content.substring(content.indexOf(">") + 1, content.lastIndexOf("<"));
-        }
-        System.out.println(content);
-    }
-
     //论证意见
     @ResponseBody
     @RequestMapping(value = "/update")

src/com/ejweb/modules/sailing/service/SailingCommandService.java

@@ -4,6 +4,10 @@
 package com.ejweb.modules.sailing.service;
 
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
+import cn.hutool.crypto.SmUtil;
+import cn.hutool.crypto.asymmetric.KeyType;
+import cn.hutool.crypto.asymmetric.SM2;
 import com.ejweb.core.base.CurdService;
 import com.ejweb.core.base.PageEntity;
 import com.ejweb.core.conf.GConstants;
@@ -50,6 +54,7 @@ import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.KeyPair;
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
@@ -168,8 +173,8 @@ public class SailingCommandService extends CurdService<SailingCommandDao, Sailin
             entity.setConnect(verifyDao.getConnectList(bean.getVerifId()));
             if (listm != null && listm.size() > 0) {
                 Map<String, String> map = listm.get(0);
-                String fileName = map.get("fileName");
-                String filePath = map.get("filePath");
+                String fileName = StrUtil.replace(StrUtil.replace(map.get("fileName"),"../",""),"..\\","");
+                String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
 
 
                 List<ConnectionPlan> lst = planlist(fileName, filePath);
@@ -491,8 +496,8 @@ public class SailingCommandService extends CurdService<SailingCommandDao, Sailin
                 }
                 if (listm != null && listm.size() > 0) {
                     Map<String, String> map = listm.get(0);
-                    String fileName = map.get("fileName");
-                    String filePath = StrUtil.replace( map.get("filePath"),"<","");
+                    String fileName = StrUtil.replace(StrUtil.replace(map.get("fileName"),"../",""),"..\\","");
+                    String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
 
                     List<ConnectionPlan> lst = planlist(fileName, filePath);
 
@@ -775,8 +780,8 @@ public class SailingCommandService extends CurdService<SailingCommandDao, Sailin
             }
             if (listm != null && listm.size() > 0) {
                 Map<String, String> map = listm.get(0);
-                String fileName = map.get("fileName");
-                String filePath = StrUtil.replace(map.get("filePath"),"<","");
+                String fileName = StrUtil.replace(StrUtil.replace(map.get("fileName"),"../",""),"..\\","");
+                String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
 
                 List<ConnectionPlan> lst = planlist(fileName, filePath);
 
@@ -1006,7 +1011,7 @@ public class SailingCommandService extends CurdService<SailingCommandDao, Sailin
         try {
             //获取目标文件的绝对路径  
             //  String fullFileName = filePath;
-            String fullFileName = GConstants.FILE_UPLOAD_DIR + StrUtil.replace(filePath, "<", "");
+            String fullFileName = StrUtil.replace(GConstants.FILE_UPLOAD_DIR + StrUtil.replace(filePath, "../", ""),"..\\","");
             InputStream in = null;
             in = new FileInputStream(fullFileName);
             ImportExcel ei = new ImportExcel(fileName, in, 1, 0);
@@ -1092,4 +1097,7 @@ public class SailingCommandService extends CurdService<SailingCommandDao, Sailin
         verifyDao.insertAirTypes(addBean);
 
     }
+
+
+
 }

src/com/ejweb/modules/upload/api/UploadController.java

@@ -288,7 +288,7 @@ public class UploadController {
                 if (bean.getPath().indexOf("../") != -1) {
                     return;
                 }
-                if(StrUtil.contains(bean.getPath(), "<")){
+                if(StrUtil.contains(bean.getPath(), "../")||StrUtil.contains(bean.getPath(), "..\\")){
                     throw new RuntimeException("文件路径异常!");
                 }
             }
@@ -408,8 +408,8 @@ public class UploadController {
     public ResponseBean verifFile(HttpServletRequest request, RequestBean requestBean) {
         ResponseBean responseBean = new ResponseBean();
         String stream = request.getParameter("fileStream");
-        String filePath = StrUtil.replace(request.getParameter("filePath"), "<", "");
-        String fileDir = StrUtil.replace(request.getParameter("fileDir"), "<", "");
+        String filePath = StrUtil.replace(StrUtil.replace(request.getParameter("filePath"), "../", ""),"..\\","");
+        String fileDir = StrUtil.replace(StrUtil.replace(request.getParameter("fileDir"), "../", ""),"..\\","");
         ByteArrayInputStream bais = null;
         FileOutputStream ostream = null;
         try {
@@ -425,7 +425,8 @@ public class UploadController {
                 return responseBean;
             }
 
-            if (StrUtil.contains(filePath,"<")||StrUtil.contains(fileDir,"<")) {
+            if (StrUtil.contains(filePath,"../")||StrUtil.contains(filePath,"..\\")
+                    ||StrUtil.contains(fileDir,"../")||StrUtil.contains(fileDir,"..\\")) {
                 throw new RuntimeException("文件路径非法");
             }
             File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, fileDir);

src/com/ejweb/modules/upload/service/UploadService.java

@@ -207,7 +207,7 @@ public class UploadService extends BaseService<UploadDao>{
                         moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
                         if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
                             moduleName = "files";
-                        if (StrUtil.contains(moduleName,"<")) {
+                        if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) {
                             moduleName = "files";
                         }
                     }
@@ -345,13 +345,13 @@ public class UploadService extends BaseService<UploadDao>{
                 moduleName = moduleName.replaceAll("[\\|//]+", "/");
                 if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
                     moduleName = "files";
-                if (StrUtil.contains(moduleName,"<")) {
+                if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) {
                     moduleName = "files";
                 }
             }
             // 文件保存路径：基本路径+模块名称+日期
             String baseDatePath = PathFormatUtils.parse(PATH_FORMAt);//FORMAT.format(System.currentTimeMillis());
-            if (StrUtil.contains(baseDatePath, "<")) {
+            if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) {
                 throw new RuntimeException("模块名称非法");
             }
             String basePath     = moduleName+GConstants.FS+extesionName.replaceAll("\\.", "")+GConstants.FS;
@@ -499,7 +499,8 @@ public class UploadService extends BaseService<UploadDao>{
                 }
                 String extesionName = Util.getExtensionName(originalFilename);
                 if(extesionName == null || extesionName.length() == 0){// 文件扩展名称不能为NULL
-                    if(originalFilename.contains("blob")||originalFilename.contains("<")){
+                    if(originalFilename.contains("blob")||originalFilename.contains("../")
+                    ||originalFilename.contains("..\\")){
                         return null;
                     }
                     return  "无法获取文件扩展名："+originalFilename;

src/com/ejweb/modules/verify/api/AirlineConclusionController.java

@@ -210,7 +210,7 @@ public class AirlineConclusionController {
             response.setHeader("Content-Disposition", "attachment; filename=" + downloadFileName);
             //获取目标文件的绝对路径
             String path = uploadFileBean.getPath();
-            if(StrUtil.contains(path, "<")){
+            if(StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")){
                 throw new RuntimeException("文件路径不正确");
             }
             String fullFileName = GConstants.FILE_UPLOAD_DIR + path;

src/com/ejweb/modules/verify/api/AirlineVerifyController.java

@@ -718,7 +718,7 @@ public class AirlineVerifyController {
         sb.append("</tbody></table>");
 
         UploadFileBean uploadFileBean = Html2File.convertHtml2Word(sb.toString());
-        if (StrUtil.contains(uploadFileBean.getPath(), "<")) {
+        if (StrUtil.contains(uploadFileBean.getPath(), "../")||StrUtil.contains(uploadFileBean.getPath(), "..\\")) {
             throw new RuntimeException("文件名包含非法字符");
         }
         InputStream in = null;

src/com/ejweb/modules/verify/api/VerifyDocumentController.java

@@ -86,7 +86,7 @@ public class VerifyDocumentController {
         for (VerifyDocumentListEntity entityTmp : documentListEntities) {
             try {
                 String filePath = entityTmp.getFilePath();
-                if (StrUtil.contains(filePath,"<")) {
+                if (StrUtil.contains(filePath,"../")||StrUtil.contains(filePath, "..\\")) {
                     continue;
                 }
                 File fTmp = new File(FileManipulation.validateFile(GConstants.FILE_UPLOAD_DIR + filePath));

src/com/ejweb/modules/verify/service/AirlineVerifyService.java

@@ -186,7 +186,7 @@ public class AirlineVerifyService extends BaseService<AirlineVerifyDao> {
         //读取文件  
         try {
             //获取目标文件的绝对路径  
-            String fullFileName = GConstants.FILE_UPLOAD_DIR + StrUtil.replace(filePath, "<", "");
+            String fullFileName = StrUtil.replace(GConstants.FILE_UPLOAD_DIR + StrUtil.replace(filePath, "../", ""),"..\\","");
             // String fullFileName ="D:\\论证计划.xlsx";
             InputStream in = null;
             in = new FileInputStream(fullFileName);
@@ -263,7 +263,7 @@ public class AirlineVerifyService extends BaseService<AirlineVerifyDao> {
             if (list != null && list.size() > 0) {
                 Map<String, String> map = list.get(0);
                 String fileName = map.get("fileName");
-                String filePath = StrUtil.replace(map.get("filePath"),"<","");
+                String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
 
                 List<ConnectionPlan> lst = planlist(fileName, filePath);
                 airlineVerifyDetailEntity.setConnectionPlan(lst);
@@ -662,8 +662,8 @@ public class AirlineVerifyService extends BaseService<AirlineVerifyDao> {
             StringBuffer sb = new StringBuffer();
             if (listm != null && listm.size() > 0) {
                 Map<String, String> map = listm.get(0);
-                String fileName = map.get("fileName");
-                String filePath = StrUtil.replace(map.get("filePath"),"<","");
+                String fileName = StrUtil.replace(StrUtil.replace(map.get("fileName"),"../",""),"..\\","");
+                String filePath = StrUtil.replace(StrUtil.replace(map.get("filePath"),"../",""),"..\\","");
 
                 List<ConnectionPlan> lst = planlist(fileName, filePath);