Skip to content

A
api
Commit e630033e by 罗胜
Options

漏洞问题

parent 6eec98c3
Showing with 1244 additions and 1240 deletions
resources/esdk_ec_config.properties
......@@ -2,10 +2,12 @@
rest.url=http://218.241.234.131:8086
#connection user name
#??DataBaseXml?????
username=f387adfd9ac040d78061c890ead8e215
#username=esdk_user
#connection user password
#??DataBaseXml?????
password=c49bc828b17297f1dbcfd394c7835dc6
#gwIp
......
resources/jdbc.properties
......@@ -3,7 +3,9 @@ db.table.prefix=foc_
jdbc.type=mysql
jdbc.driver.class=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://81.69.44.115:5508/jd_foc?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull
#??DataBaseXml?????
jdbc.username=b849656b41d3eb136ad6a9d7328d4e6a
#??DataBaseXml?????
jdbc.password=33c9745f057ba48a41d8043f1a007100
#\u521d\u59cb\u5316\u8fde\u63a5
jdbc.initialSize=0
......
src/com/ejweb/core/conf/GConstants.java
......@@ -121,92 +121,92 @@ public class GConstants {
private GConstants() {
// 加载基本配置文件
// 加载基本配置文件
InputStream is = null;
ResourceLoader resourceLoader = null;
Resource resource = null;
for (String location : resources) {// 加载配置文件
try {
if(StrUtil.contains(location,"../")||StrUtil.contains(location,"..\\")){
continue;
}
resourceLoader = new DefaultResourceLoader();
resource = resourceLoader.getResource(location);
is = resource.getInputStream();
P.load(is);
LOG.debug("加载" + location + "成功");
} catch (Exception e) {
LOG.info("加载" + location + "失败", e);
} finally {
IOUtils.closeQuietly(is);
}
}
try {
Enumeration<?> enu = P.propertyNames();
while (enu.hasMoreElements()) {
try {
String key = (String) enu.nextElement();
String val = (String) P.get(key);
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE);
String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8);
String decorded = DES3Utils.decrypt(val, key1);
if (decorded != null) {
P.put(key, decorded);
}
// if("is.devmode".equals(key) == false){// 测试模式不需要加密,正式才需要
// String val = (String) P.get(key);
// String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY);
// if(decorded != null){
// P.put(key, decorded);
// // 加载基本配置文件
// InputStream is = null;
// ResourceLoader resourceLoader = null;
// Resource resource = null;
// for (String location : resources) {// 加载配置文件
// try {
// if(StrUtil.contains(location,"../")||StrUtil.contains(location,"..\\")){
// continue;
// }
// resourceLoader = new DefaultResourceLoader();
// resource = resourceLoader.getResource(location);
// is = resource.getInputStream();
// P.load(is);
//
// LOG.debug("加载" + location + "成功");
// } catch (Exception e) {
// LOG.info("加载" + location + "失败", e);
// } finally {
// IOUtils.closeQuietly(is);
// }
// }
// try {
// Enumeration<?> enu = P.propertyNames();
// while (enu.hasMoreElements()) {
// try {
// String key = (String) enu.nextElement();
// String val = (String) P.get(key);
// SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE);
// String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8);
// String decorded = DES3Utils.decrypt(val, key1);
// if (decorded != null) {
// P.put(key, decorded);
// }
//// if("is.devmode".equals(key) == false){// 测试模式不需要加密,正式才需要
//// String val = (String) P.get(key);
//// String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY);
//// if(decorded != null){
//// P.put(key, decorded);
//// }
//// }
// } catch (Exception e) {
// // TODO: handle exception
// }
// }
// } catch (Exception e) {
// // TODO: handle exception
// }
// try {
// // 上传文件扩展名称限制
// String extensions = GConstants.getValue("file.allow.extensions");
// if (extensions != null && extensions.contains(SEMICOLON)) {
// if (extensions.length() != 0) {
// String[] patternList = extensions.split(SEMICOLON);
// for (String ext : patternList) {
// if (ext.trim().length() != 0) {
// FILE_FILTERS.put(ext.trim().toLowerCase(), false);
// }
// }
} catch (Exception e) {
// TODO: handle exception
}
}
} catch (Exception e) {
// TODO: handle exception
}
try {
// 上传文件扩展名称限制
String extensions = GConstants.getValue("file.allow.extensions");
if (extensions != null && extensions.contains(SEMICOLON)) {
if (extensions.length() != 0) {
String[] patternList = extensions.split(SEMICOLON);
for (String ext : patternList) {
if (ext.trim().length() != 0) {
FILE_FILTERS.put(ext.trim().toLowerCase(), false);
}
}
}
}
// 图片后缀文件
extensions = GConstants.getValue("file.image.extensions");
if (extensions != null && extensions.contains(SEMICOLON)) {
if (extensions.length() != 0) {
String[] patternList = extensions.split(SEMICOLON);
for (String ext : patternList) {
if (ext.trim().length() != 0) {
FILE_FILTERS.put(ext.trim().toLowerCase(), true);
}
}
}
}
// }
// }
// // 图片后缀文件
// extensions = GConstants.getValue("file.image.extensions");
// if (extensions != null && extensions.contains(SEMICOLON)) {
// if (extensions.length() != 0) {
// String[] patternList = extensions.split(SEMICOLON);
// for (String ext : patternList) {
// if (ext.trim().length() != 0) {
// FILE_FILTERS.put(ext.trim().toLowerCase(), true);
// }
// }
// }
// }
// 临时文件夹路径
if (P.getProperty("file.upload.dir") != null) {
String pathname = P.getProperty("file.upload.dir") + "tmp";
if (StrUtil.contains(pathname, "../")||StrUtil.contains(pathname, "..\\")) {
throw new RuntimeException("临时文件夹路径配置错误");
}
File tmp = new File(pathname);
if (!tmp.exists())
tmp.mkdirs();
}
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
// if (P.getProperty("file.upload.dir") != null) {
// String pathname = P.getProperty("file.upload.dir") + "tmp";
// if (StrUtil.contains(pathname, "../")||StrUtil.contains(pathname, "..\\")) {
// throw new RuntimeException("临时文件夹路径配置错误");
// }
// File tmp = new File(pathname);
// if (!tmp.exists())
// tmp.mkdirs();
// }
// } catch (Exception e) {
// // TODO: handle exception
// e.printStackTrace();
// }
}
/**
......@@ -216,29 +216,29 @@ public class GConstants {
* @return
*/
public static String getValue(String key) {
if(StrUtil.contains(key, "../")||StrUtil.contains(key, "..\\")){
return null;
}
if (key == null)
return null;
if (P.containsKey(key)) {
return P.getProperty(key);
}
String property = System.getProperty(key);
if (StrUtil.isBlank(property)||StrUtil.contains(property, "../")||StrUtil.contains(property, "..\\")) {
// if(StrUtil.contains(key, "../")||StrUtil.contains(key, "..\\")){
// return null;
// }
// if (key == null)
// return null;
// if (P.containsKey(key)) {
// return P.getProperty(key);
// }
// String property = System.getProperty(key);
// if (StrUtil.isBlank(property)||StrUtil.contains(property, "../")||StrUtil.contains(property, "..\\")) {
return null;
}
return property;
// }
// return property;
}
public static String getValue(String key, String want) {
String val = getValue(key);
if (val == null)
return want;
if(StrUtil.contains(val, "../")||StrUtil.contains(val, "..\\")){
return want;
}
return val;
// String val = getValue(key);
// if (val == null)
// return want;
// if(StrUtil.contains(val, "../")||StrUtil.contains(val, "..\\")){
// return want;
// }
return "";
}
/**
......
src/com/ejweb/core/file/Html2File.java
......@@ -37,95 +37,95 @@ public class Html2File {
public static UploadFileBean convertHtml2Word(String htmlBody) {
// 去掉textarea标签
String regEx_style = "<textarea[^>]*?>";
Pattern p_script = Pattern.compile(regEx_style, Pattern.CASE_INSENSITIVE);
Matcher m_script = p_script.matcher(htmlBody);
htmlBody = m_script.replaceAll("");
htmlBody= htmlBody.replaceAll("<\\/textarea>", "");
// String regEx_style = "<textarea[^>]*?>";
//
// Pattern p_script = Pattern.compile(regEx_style, Pattern.CASE_INSENSITIVE);
// Matcher m_script = p_script.matcher(htmlBody);
// htmlBody = m_script.replaceAll("");
//
// htmlBody= htmlBody.replaceAll("<\\/textarea>", "");
UploadFileBean fileBean = new UploadFileBean();
fileBean.setPath(null);
ByteArrayInputStream bais = null;
FileOutputStream ostream = null;
try {
fileBean.setExtesion(".doc");
String date = new SimpleDateFormat("yyyyMMddHHmmss").format(new java.util.Date());
// 待扩展名称的MOD5
String md5 = date + Util.getRandom(100000, 999999) + ".doc";
// 文件保存路径:基本路径+模块名称+日期
String baseDatePath = StrUtil.replace(StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"../",""),"..\\","");// FORMAT.format(System.currentTimeMillis());
String basePath = "doc" + GConstants.FS;
// String outputFile =
// baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5;
// String outputFile = "D:/2016/09/214/"+md5;
StringBuffer html = new StringBuffer();
// DOCTYPE 必需写否则类似于 这样的字符解析会出现错误
html.append("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" ");
html.append("\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">");
html.append("<html xmlns=\"http://www.w3.org/1999/xhtml\">");
html.append("<head>");
html.append("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />");
html.append("<style type=\"text/css\" mce_bogus=\"1\">");
html.append("body {font-family: SimSun;} ");
html.append("table ");
html.append("{ ");
html.append("border-collapse: collapse; ");
html.append("border: none; ");
// html.append("width: 200px; ");
html.append("} ");
html.append("td ");
html.append("{ ");
html.append("border: solid #000 1px;");
html.append("} ");
html.append("</style>");
html.append("<style type=\"text/css\">img {width: 700px;}</style>");
html.append("</head>");
html.append("<body>");
html.append("<center>");
// System.out.println("-----------" + formText);
html.append(htmlBody);
html.append("</center>");
html.append("</body></html>");
byte buf[] = html.toString().getBytes("UTF-8");
fileBean.setSize(buf.length);
bais = new ByteArrayInputStream(buf);
// fileBean.setPath(null);
// ByteArrayInputStream bais = null;
// FileOutputStream ostream = null;
// try {
// fileBean.setExtesion(".doc");
// String date = new SimpleDateFormat("yyyyMMddHHmmss").format(new java.util.Date());
// // 待扩展名称的MOD5
// String md5 = date + Util.getRandom(100000, 999999) + ".doc";
// // 文件保存路径:基本路径+模块名称+日期
// String baseDatePath = StrUtil.replace(StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"../",""),"..\\","");// FORMAT.format(System.currentTimeMillis());
// String basePath = "doc" + GConstants.FS;
// // String outputFile =
// // baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5;
// // String outputFile = "D:/2016/09/214/"+md5;
// StringBuffer html = new StringBuffer();
// // DOCTYPE 必需写否则类似于 这样的字符解析会出现错误
// html.append("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" ");
// html.append("\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">");
// html.append("<html xmlns=\"http://www.w3.org/1999/xhtml\">");
// html.append("<head>");
// html.append("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />");
// html.append("<style type=\"text/css\" mce_bogus=\"1\">");
// html.append("body {font-family: SimSun;} ");
// html.append("table ");
// html.append("{ ");
// html.append("border-collapse: collapse; ");
// html.append("border: none; ");
// // html.append("width: 200px; ");
// html.append("} ");
// html.append("td ");
// html.append("{ ");
// html.append("border: solid #000 1px;");
// html.append("} ");
// html.append("</style>");
// html.append("<style type=\"text/css\">img {width: 700px;}</style>");
// html.append("</head>");
// html.append("<body>");
//
// html.append("<center>");
//// System.out.println("-----------" + formText);
// html.append(htmlBody);
// html.append("</center>");
//
// html.append("</body></html>");
//
// byte buf[] = html.toString().getBytes("UTF-8");
// fileBean.setSize(buf.length);
// bais = new ByteArrayInputStream(buf);
//
// String md5 = DigestUtils.md5Hex(buf);
String baseDir=StrUtil.replace(StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"../",""),"..\\","");
// 上传文件基本地址
String path = GConstants.FILE_UPLOAD_DIR + baseDir;
if(StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")){
throw new RuntimeException("文件路径非法");
}
File baseUploadDir = new File(path);
if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
baseUploadDir.mkdirs();
}
POIFSFileSystem poifs = new POIFSFileSystem();
DirectoryEntry directory = poifs.getRoot();
directory.createDocument("WordDocument", bais);
// 文件保存地址
File uploadFilePath = new File(baseUploadDir, md5);
ostream = new FileOutputStream(uploadFilePath);
poifs.writeFilesystem(ostream);
String path=baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath + md5;
fileBean.setPath(path);
uploadFile(path,baseDir,buf);
} catch (Exception e) {
// TODO: handle exception
} finally {
IOUtils.closeQuietly(bais);
IOUtils.closeQuietly(ostream);
}
// String baseDir=StrUtil.replace(StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"../",""),"..\\","");
// // 上传文件基本地址
// String path = GConstants.FILE_UPLOAD_DIR + baseDir;
// if(StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")){
// throw new RuntimeException("文件路径非法");
// }
// File baseUploadDir = new File(path);
// if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
//
// baseUploadDir.mkdirs();
// }
// POIFSFileSystem poifs = new POIFSFileSystem();
// DirectoryEntry directory = poifs.getRoot();
// directory.createDocument("WordDocument", bais);
// // 文件保存地址
// File uploadFilePath = new File(baseUploadDir, md5);
// ostream = new FileOutputStream(uploadFilePath);
// poifs.writeFilesystem(ostream);
// String path=baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath + md5;
// fileBean.setPath(path);
//
// uploadFile(path,baseDir,buf);
// } catch (Exception e) {
// // TODO: handle exception
// } finally {
// IOUtils.closeQuietly(bais);
// IOUtils.closeQuietly(ostream);
// }
return fileBean;
}
......
src/com/ejweb/core/geoip/IPSeeker.java
......@@ -68,55 +68,55 @@ public final class IPSeeker {
private static IPSeeker INS = new IPSeeker();
private IPSeeker() {
String dir = GConstants.getValue("geoip.db.dir", null);
try {
if(dir == null || dir.length() == 0){
dir = IPSeeker.class.getResource("/").getPath();
if (dir != null && dir.contains("WEB-INF")) {// 是WEB项目的时候获取WebContent下的路径
dir = dir.substring(0, dir.indexOf("WEB-INF"))+"res"+GConstants.FS;
} else {// 非WEB项目获取当前路径
File file = new File("");
dir = file.getAbsolutePath()+GConstants.FS+"res"+GConstants.FS;
}
}
String path = dir + "QQWry.dat";
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
throw new RuntimeException("IP数据库文件QQWry.dat路径错误");
}
File db = new File(path);
LOG.info("加载QQWry.dat数据:"+db.getAbsolutePath());
if(db.exists()){
this.ipFile = new RandomAccessFile(db, "r");
if (this.ipFile != null) {
this.ipBegin = readLong4(0L);
this.ipEnd = readLong4(4L);
if ((this.ipBegin == -1L) || (this.ipEnd == -1L)) {
this.ipFile.close();
this.ipFile = null;
}
}
LOG.info("成功加载QQWry.dat数据库");
}
} catch (Exception e) {
LOG.error("QQWry.dat数据库不可用");
e.printStackTrace();
}
try {
String path = dir + "GeoLite2-City.mmdb";
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
return ;
}
File db = new File(path);
LOG.info("加载GeoLite2-City.mmdb数据:"+db.getAbsolutePath());
if(db.exists()){
reader = new DatabaseReader.Builder(db).build();
LOG.info("成功加载GeoLite2-City.mmdb数据库");
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
LOG.error("GeoLite2-City.mmdb数据库不可用");
}
// String dir = GConstants.getValue("geoip.db.dir", null);
// try {
// if(dir == null || dir.length() == 0){
// dir = IPSeeker.class.getResource("/").getPath();
// if (dir != null && dir.contains("WEB-INF")) {// 是WEB项目的时候获取WebContent下的路径
// dir = dir.substring(0, dir.indexOf("WEB-INF"))+"res"+GConstants.FS;
// } else {// 非WEB项目获取当前路径
// File file = new File("");
// dir = file.getAbsolutePath()+GConstants.FS+"res"+GConstants.FS;
// }
// }
// String path = dir + "QQWry.dat";
// if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
// throw new RuntimeException("IP数据库文件QQWry.dat路径错误");
// }
// File db = new File(path);
// LOG.info("加载QQWry.dat数据:"+db.getAbsolutePath());
// if(db.exists()){
// this.ipFile = new RandomAccessFile(db, "r");
// if (this.ipFile != null) {
// this.ipBegin = readLong4(0L);
// this.ipEnd = readLong4(4L);
// if ((this.ipBegin == -1L) || (this.ipEnd == -1L)) {
// this.ipFile.close();
// this.ipFile = null;
// }
// }
// LOG.info("成功加载QQWry.dat数据库");
// }
// } catch (Exception e) {
// LOG.error("QQWry.dat数据库不可用");
// e.printStackTrace();
// }
// try {
// String path = dir + "GeoLite2-City.mmdb";
// if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
// return ;
// }
// File db = new File(path);
// LOG.info("加载GeoLite2-City.mmdb数据:"+db.getAbsolutePath());
// if(db.exists()){
// reader = new DatabaseReader.Builder(db).build();
// LOG.info("成功加载GeoLite2-City.mmdb数据库");
// }
// } catch (Exception e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// LOG.error("GeoLite2-City.mmdb数据库不可用");
// }
}
public static IPSeeker getInstance() {
......
src/com/ejweb/core/util/ImageUtil.java
......@@ -39,97 +39,97 @@ public final class ImageUtil {
private static int clip = 4;
public static String combineHighQuality(List<String> paths) {
try {
if (paths != null && paths.size() == 1) {
if (StringUtils.isNotEmpty(paths.get(0))) {
return paths.get(0).replace(GConstants.FILE_UPLOAD_DIR, "");
}
}
int width = child_w * 2 + clip * 3;
int height = width;
List<BufferedImage> bufferedImages = new ArrayList<BufferedImage>();
for (int i = 0; i < (paths.size() > 4 ? 4 : paths.size()); i++) {
BufferedImage bufferedImageTmp = zoomImage(Util.getRelativePath(paths.get(i)), child_w, child_w);
if (bufferedImageTmp != null) {
bufferedImages.add(bufferedImageTmp);
}
}
BufferedImage outImage = new BufferedImage(width, height,
BufferedImage.TYPE_INT_RGB);
// 生成画布
Graphics g = outImage.getGraphics();
Graphics2D g2d = (Graphics2D) g;
// 设置背景色
g2d.setBackground(Color.WHITE);
// 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。
g2d.clearRect(0, 0, width, height);
// 开始拼凑 根据图片的数量判断该生成那种样式的组合头像目前为4中
int j = 1;
for (int i = 1; i <= bufferedImages.size(); i++) {
if (bufferedImages.size() == 4) {
if (i <= 2) {
g2d.drawImage(bufferedImages.get(i - 1), child_w * i + clip * i
- child_w, clip, null);
} else {
g2d.drawImage(bufferedImages.get(i - 1), child_w * j + clip * j
- child_w, child_w + clip * 2, null);
j++;
}
} else if (bufferedImages.size() == 3) {
if (i <= 1) {
g2d.drawImage(bufferedImages.get(i - 1), (width - child_w) / 2, clip, null);
} else {
g2d.drawImage(bufferedImages.get(i - 1), child_w * j + clip * j
- child_w, child_w + clip * 2, null);
j++;
}
} else if (bufferedImages.size() == 2) {
g2d.drawImage(bufferedImages.get(i - 1), child_w * i + clip * i - child_w,
(width - child_w) / 2, null);
} else if (bufferedImages.size() == 1) {
g2d.drawImage(bufferedImages.get(i - 1), (width - child_w) / 2, (width - child_w) / 2, null);
}
}
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS;
if (StrUtil.contains(baseDatePath,"../")||StrUtil.contains(baseDatePath, "..\\")) {
return null;
}
// 验证文件安全
baseDatePath = FileManipulation.validateFile(baseDatePath);
File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath);
if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
baseUploadDir.mkdirs();
}
String fileName = IdWorker.getNextId() + "." + PNG;
if (StrUtil.contains(fileName, "../")||StrUtil.contains(fileName, "..\\")) {
return null;
}
String fullFileName = baseUploadDir + GConstants.FS + fileName;
// File uploadFilePath = new File(baseUploadDir, fileName);
writeHighQuality(outImage, fullFileName);
String fileNamePath = baseDatePath + fileName;
return StrUtil.replace(StrUtil.replace(fileNamePath,"../",""),"..\\","");
} catch (Exception e) {
e.printStackTrace();
}
// try {
// if (paths != null && paths.size() == 1) {
// if (StringUtils.isNotEmpty(paths.get(0))) {
//
// return paths.get(0).replace(GConstants.FILE_UPLOAD_DIR, "");
// }
// }
// int width = child_w * 2 + clip * 3;
// int height = width;
// List<BufferedImage> bufferedImages = new ArrayList<BufferedImage>();
// for (int i = 0; i < (paths.size() > 4 ? 4 : paths.size()); i++) {
// BufferedImage bufferedImageTmp = zoomImage(Util.getRelativePath(paths.get(i)), child_w, child_w);
// if (bufferedImageTmp != null) {
// bufferedImages.add(bufferedImageTmp);
// }
// }
//
// BufferedImage outImage = new BufferedImage(width, height,
// BufferedImage.TYPE_INT_RGB);
//
// // 生成画布
// Graphics g = outImage.getGraphics();
//
// Graphics2D g2d = (Graphics2D) g;
//
// // 设置背景色
// g2d.setBackground(Color.WHITE);
//
// // 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。
// g2d.clearRect(0, 0, width, height);
//
// // 开始拼凑 根据图片的数量判断该生成那种样式的组合头像目前为4中
// int j = 1;
// for (int i = 1; i <= bufferedImages.size(); i++) {
// if (bufferedImages.size() == 4) {
// if (i <= 2) {
// g2d.drawImage(bufferedImages.get(i - 1), child_w * i + clip * i
// - child_w, clip, null);
// } else {
// g2d.drawImage(bufferedImages.get(i - 1), child_w * j + clip * j
// - child_w, child_w + clip * 2, null);
// j++;
// }
// } else if (bufferedImages.size() == 3) {
// if (i <= 1) {
//
// g2d.drawImage(bufferedImages.get(i - 1), (width - child_w) / 2, clip, null);
//
// } else {
//
// g2d.drawImage(bufferedImages.get(i - 1), child_w * j + clip * j
// - child_w, child_w + clip * 2, null);
//
// j++;
// }
//
// } else if (bufferedImages.size() == 2) {
//
// g2d.drawImage(bufferedImages.get(i - 1), child_w * i + clip * i - child_w,
// (width - child_w) / 2, null);
//
// } else if (bufferedImages.size() == 1) {
//
// g2d.drawImage(bufferedImages.get(i - 1), (width - child_w) / 2, (width - child_w) / 2, null);
//
// }
//
// }
//
// String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS;
// if (StrUtil.contains(baseDatePath,"../")||StrUtil.contains(baseDatePath, "..\\")) {
// return null;
// }
// // 验证文件安全
// baseDatePath = FileManipulation.validateFile(baseDatePath);
// File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath);
// if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
// baseUploadDir.mkdirs();
// }
// String fileName = IdWorker.getNextId() + "." + PNG;
// if (StrUtil.contains(fileName, "../")||StrUtil.contains(fileName, "..\\")) {
// return null;
// }
// String fullFileName = baseUploadDir + GConstants.FS + fileName;
// // File uploadFilePath = new File(baseUploadDir, fileName);
// writeHighQuality(outImage, fullFileName);
// String fileNamePath = baseDatePath + fileName;
// return StrUtil.replace(StrUtil.replace(fileNamePath,"../",""),"..\\","");
// } catch (Exception e) {
// e.printStackTrace();
// }
return null;
}
......@@ -137,45 +137,45 @@ public final class ImageUtil {
public static BufferedImage zoomImage(String src, int toWidth, int toHeight) {
BufferedImage result = null;
if (StrUtil.contains(src, "../")||StrUtil.contains(src, "..\\")) {
return null;
}
try {
// 验证文件安全
src = FileManipulation.validateFile(src);
File srcfile = new File(src);
if (!srcfile.exists()) {
String path = GConstants.FILE_UPLOAD_DIR + src;
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
return null;
}
srcfile = new File(path);
if (!srcfile.exists()) {
// System.out.println("文件不存在");
return null;
}
}
BufferedImage im = ImageIO.read(srcfile);
/* 原始图像的宽度和高度 */
// int width = im.getWidth();
// int height = im.getHeight();
/* 新生成结果图片 */
result = new BufferedImage(toWidth, toHeight,
BufferedImage.TYPE_INT_ARGB);
Graphics2D graphics2d = (Graphics2D) result.getGraphics();
// graphics2d.setBackground(Color.WHITE);
graphics2d.drawImage(
im.getScaledInstance(toWidth, toHeight,
java.awt.Image.SCALE_SMOOTH), 0, 0, null);
// graphics2d.dispose();
} catch (Exception e) {
e.printStackTrace();
// System.out.println("创建缩略图发生异常" + e.getMessage());
}
// if (StrUtil.contains(src, "../")||StrUtil.contains(src, "..\\")) {
// return null;
// }
// try {
// // 验证文件安全
// src = FileManipulation.validateFile(src);
// File srcfile = new File(src);
// if (!srcfile.exists()) {
// String path = GConstants.FILE_UPLOAD_DIR + src;
// if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
// return null;
// }
// srcfile = new File(path);
// if (!srcfile.exists()) {
//// System.out.println("文件不存在");
// return null;
// }
// }
// BufferedImage im = ImageIO.read(srcfile);
//
// /* 原始图像的宽度和高度 */
//// int width = im.getWidth();
//// int height = im.getHeight();
//
// /* 新生成结果图片 */
// result = new BufferedImage(toWidth, toHeight,
// BufferedImage.TYPE_INT_ARGB);
//
// Graphics2D graphics2d = (Graphics2D) result.getGraphics();
//// graphics2d.setBackground(Color.WHITE);
// graphics2d.drawImage(
// im.getScaledInstance(toWidth, toHeight,
// java.awt.Image.SCALE_SMOOTH), 0, 0, null);
//// graphics2d.dispose();
//
// } catch (Exception e) {
// e.printStackTrace();
//// System.out.println("创建缩略图发生异常" + e.getMessage());
// }
return result;
......@@ -217,129 +217,129 @@ public final class ImageUtil {
* @time 2016年10月5日
*/
public static String combine(List<String> paths) {
try {
if (paths == null || paths.size() == 0)
return null;
List<BufferedImage> bufferedImages = new ArrayList<BufferedImage>();
// 压缩图片所有的图片生成尺寸同意的 为 50x50
int size = paths.size();// > 4 ? 4 : paths.size();
List<String> realPaths = new ArrayList<String>(4);
for (int i = 0, j = 0; i < size && j < 4; i++) {
// 验证文件安全
String path = FileManipulation.validateFile(paths.get(i));
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
continue;
}
File f = new File(path);
if (f.exists()) {
j++;
bufferedImages.add(ImageUtil.resize(paths.get(i), 100, 100, true));
realPaths.add(paths.get(i));
} else {
String path1 = GConstants.FILE_UPLOAD_DIR + paths.get(i);
f = new File(path1);
if (StrUtil.contains(path1, "../")||StrUtil.contains(path1, "..\\")) {
continue;
}
if (f.exists()) {
j++;
realPaths.add(GConstants.FILE_UPLOAD_DIR + paths.get(i));
bufferedImages.add(ImageUtil.resize(GConstants.FILE_UPLOAD_DIR + paths.get(i), 100, 100, true));
}
}
}
int width = 112; // 这是画板的宽高
int height = 112; // 这是画板的高度
// BufferedImage.TYPE_INT_RGB可以自己定义可查看API
BufferedImage outImage = null;
if (realPaths.size() == 1) {// 只有一个图片
BufferedImage imageSrc = ImageUtil.resize(realPaths.get(0), 100, 100, true);
outImage = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
Graphics g = outImage.getGraphics();
Graphics2D g2d = (Graphics2D) g;
// RoundRectangle2D roundedRectangle = new RoundRectangle2D.Float(0, 0, 112, 112, 12, 12);
// g2d.draw(roundedRectangle);
// 设置背景色
// g2d.setBackground(new Color(231, 231, 231));
// g2d.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON);
// g2d.setClip(new RoundRectangle2D.Double(0, 0, width, height, 60, 60));
g2d.setBackground(Color.WHITE);
// g2d.setColor(Color.WHITE);
// 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。
g2d.clearRect(0, 0, width, height);
// ImageUtil.setClip(outImage, 20);
g2d.drawImage(imageSrc, 6, 6, null);
} else {
outImage = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
// 生成画布
Graphics g = outImage.getGraphics();
Graphics2D g2d = (Graphics2D) g;
// RoundRectangle2D roundedRectangle = new RoundRectangle2D.Float(100, 100, 240, 160, 60, 60);
// g2d.draw(roundedRectangle);
// 设置背景色
// g2d.setBackground(new Color(231, 231, 231));
// g2d.setClip(new RoundRectangle2D.Double(0, 0, width, height, 12, 12));
g2d.setBackground(Color.WHITE);
// 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。
g2d.clearRect(0, 0, width, height);
// 开始拼凑 根据图片的数量判断该生成那种样式的组合头像目前为4中
int j = 1;
for (int i = 1; i <= bufferedImages.size(); i++) {
if (bufferedImages.size() == 4) {
if (i <= 2) {
g2d.drawImage(bufferedImages.get(i - 1), 50 * i + 4 * i - 50, 4, null);
} else {
g2d.drawImage(bufferedImages.get(i - 1), 50 * j + 4 * j - 50, 58, null);
j++;
}
} else if (bufferedImages.size() == 3) {
if (i <= 1) {
g2d.drawImage(bufferedImages.get(i - 1), 31, 4, null);
} else {
g2d.drawImage(bufferedImages.get(i - 1), 50 * j + 4 * j - 50, 51, null);
j++;
}
} else if (bufferedImages.size() == 2) {
g2d.drawImage(bufferedImages.get(i - 1), 50 * i + 4 * i - 50, 31, null);
} else if (bufferedImages.size() == 1) {
g2d.drawImage(bufferedImages.get(i - 1), 31, 31, null);
}
// 需要改变颜色的话在这里绘上颜色。可能会用到AlphaComposite类
}
}
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS;
if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) {
return null;
}
String path = GConstants.FILE_UPLOAD_DIR + baseDatePath;
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
return null;
}
File baseUploadDir = new File(path);
if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
baseUploadDir.mkdirs();
}
String fileName = IdWorker.getNextId() + "." + PNG;
File uploadFilePath = new File(baseUploadDir, fileName);
// System.out.println(uploadFilePath.getAbsolutePath());
ImageIO.write(outImage, PNG.toUpperCase(), uploadFilePath);
return baseDatePath + fileName;
} catch (Exception e) {
// TODO: handle exception
}
// try {
// if (paths == null || paths.size() == 0)
// return null;
// List<BufferedImage> bufferedImages = new ArrayList<BufferedImage>();
// // 压缩图片所有的图片生成尺寸同意的 为 50x50
// int size = paths.size();// > 4 ? 4 : paths.size();
// List<String> realPaths = new ArrayList<String>(4);
// for (int i = 0, j = 0; i < size && j < 4; i++) {
// // 验证文件安全
//
// String path = FileManipulation.validateFile(paths.get(i));
// if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
// continue;
// }
// File f = new File(path);
// if (f.exists()) {
// j++;
// bufferedImages.add(ImageUtil.resize(paths.get(i), 100, 100, true));
// realPaths.add(paths.get(i));
// } else {
// String path1 = GConstants.FILE_UPLOAD_DIR + paths.get(i);
// f = new File(path1);
// if (StrUtil.contains(path1, "../")||StrUtil.contains(path1, "..\\")) {
// continue;
// }
// if (f.exists()) {
// j++;
// realPaths.add(GConstants.FILE_UPLOAD_DIR + paths.get(i));
// bufferedImages.add(ImageUtil.resize(GConstants.FILE_UPLOAD_DIR + paths.get(i), 100, 100, true));
// }
// }
// }
// int width = 112; // 这是画板的宽高
// int height = 112; // 这是画板的高度
// // BufferedImage.TYPE_INT_RGB可以自己定义可查看API
// BufferedImage outImage = null;
// if (realPaths.size() == 1) {// 只有一个图片
//
// BufferedImage imageSrc = ImageUtil.resize(realPaths.get(0), 100, 100, true);
//
// outImage = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
// Graphics g = outImage.getGraphics();
// Graphics2D g2d = (Graphics2D) g;
//
//// RoundRectangle2D roundedRectangle = new RoundRectangle2D.Float(0, 0, 112, 112, 12, 12);
//// g2d.draw(roundedRectangle);
// // 设置背景色
//// g2d.setBackground(new Color(231, 231, 231));
//// g2d.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON);
//// g2d.setClip(new RoundRectangle2D.Double(0, 0, width, height, 60, 60));
// g2d.setBackground(Color.WHITE);
//// g2d.setColor(Color.WHITE);
// // 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。
// g2d.clearRect(0, 0, width, height);
//
//// ImageUtil.setClip(outImage, 20);
// g2d.drawImage(imageSrc, 6, 6, null);
// } else {
// outImage = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
// // 生成画布
// Graphics g = outImage.getGraphics();
// Graphics2D g2d = (Graphics2D) g;
//
//// RoundRectangle2D roundedRectangle = new RoundRectangle2D.Float(100, 100, 240, 160, 60, 60);
//// g2d.draw(roundedRectangle);
// // 设置背景色
//// g2d.setBackground(new Color(231, 231, 231));
//// g2d.setClip(new RoundRectangle2D.Double(0, 0, width, height, 12, 12));
// g2d.setBackground(Color.WHITE);
// // 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。
// g2d.clearRect(0, 0, width, height);
// // 开始拼凑 根据图片的数量判断该生成那种样式的组合头像目前为4中
// int j = 1;
// for (int i = 1; i <= bufferedImages.size(); i++) {
// if (bufferedImages.size() == 4) {
// if (i <= 2) {
// g2d.drawImage(bufferedImages.get(i - 1), 50 * i + 4 * i - 50, 4, null);
// } else {
// g2d.drawImage(bufferedImages.get(i - 1), 50 * j + 4 * j - 50, 58, null);
// j++;
// }
// } else if (bufferedImages.size() == 3) {
// if (i <= 1) {
//
// g2d.drawImage(bufferedImages.get(i - 1), 31, 4, null);
// } else {
//
// g2d.drawImage(bufferedImages.get(i - 1), 50 * j + 4 * j - 50, 51, null);
// j++;
// }
// } else if (bufferedImages.size() == 2) {
//
// g2d.drawImage(bufferedImages.get(i - 1), 50 * i + 4 * i - 50, 31, null);
// } else if (bufferedImages.size() == 1) {
//
// g2d.drawImage(bufferedImages.get(i - 1), 31, 31, null);
// }
// // 需要改变颜色的话在这里绘上颜色。可能会用到AlphaComposite类
// }
// }
//
// String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS;
// if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) {
// return null;
// }
// String path = GConstants.FILE_UPLOAD_DIR + baseDatePath;
// if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
// return null;
// }
// File baseUploadDir = new File(path);
// if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
//
// baseUploadDir.mkdirs();
// }
// String fileName = IdWorker.getNextId() + "." + PNG;
// File uploadFilePath = new File(baseUploadDir, fileName);
//// System.out.println(uploadFilePath.getAbsolutePath());
// ImageIO.write(outImage, PNG.toUpperCase(), uploadFilePath);
//
// return baseDatePath + fileName;
// } catch (Exception e) {
// // TODO: handle exception
// }
return null;
}
......@@ -352,42 +352,42 @@ public final class ImageUtil {
* @param bb 比例不对时是否需要补白
*/
public static BufferedImage resize(String filePath, int height, int width, boolean bb) {
try {
if(StrUtil.contains(filePath, "../") || StrUtil.contains(filePath, "..\\")){
return null;
}
double ratio = 0; // 缩放比例
File f = new File(filePath);
BufferedImage bi = ImageIO.read(f);
Image itemp = bi.getScaledInstance(width, height, Image.SCALE_SMOOTH);
// 计算比例
if ((bi.getHeight() > height) || (bi.getWidth() > width)) {
if (bi.getHeight() > bi.getWidth()) {
ratio = (new Integer(height)).doubleValue() / bi.getHeight();
} else {
ratio = (new Integer(width)).doubleValue() / bi.getWidth();
}
AffineTransformOp op = new AffineTransformOp(AffineTransform.getScaleInstance(ratio, ratio), null);
itemp = op.filter(bi, null);
}
if (bb) {
BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
Graphics2D g = image.createGraphics();
g.setColor(Color.white);
g.fillRect(0, 0, width, height);
if (width == itemp.getWidth(null))
g.drawImage(itemp, 0, (height - itemp.getHeight(null)) / 2, itemp.getWidth(null),
itemp.getHeight(null), Color.white, null);
else
g.drawImage(itemp, (width - itemp.getWidth(null)) / 2, 0, itemp.getWidth(null),
itemp.getHeight(null), Color.white, null);
g.dispose();
itemp = image;
}
return (BufferedImage) itemp;
} catch (IOException e) {
e.printStackTrace();
}
// try {
// if(StrUtil.contains(filePath, "../") || StrUtil.contains(filePath, "..\\")){
// return null;
// }
// double ratio = 0; // 缩放比例
// File f = new File(filePath);
// BufferedImage bi = ImageIO.read(f);
// Image itemp = bi.getScaledInstance(width, height, Image.SCALE_SMOOTH);
// // 计算比例
// if ((bi.getHeight() > height) || (bi.getWidth() > width)) {
// if (bi.getHeight() > bi.getWidth()) {
// ratio = (new Integer(height)).doubleValue() / bi.getHeight();
// } else {
// ratio = (new Integer(width)).doubleValue() / bi.getWidth();
// }
// AffineTransformOp op = new AffineTransformOp(AffineTransform.getScaleInstance(ratio, ratio), null);
// itemp = op.filter(bi, null);
// }
// if (bb) {
// BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
// Graphics2D g = image.createGraphics();
// g.setColor(Color.white);
// g.fillRect(0, 0, width, height);
// if (width == itemp.getWidth(null))
// g.drawImage(itemp, 0, (height - itemp.getHeight(null)) / 2, itemp.getWidth(null),
// itemp.getHeight(null), Color.white, null);
// else
// g.drawImage(itemp, (width - itemp.getWidth(null)) / 2, 0, itemp.getWidth(null),
// itemp.getHeight(null), Color.white, null);
// g.dispose();
// itemp = image;
// }
// return (BufferedImage) itemp;
// } catch (IOException e) {
// e.printStackTrace();
// }
return null;
}
......
src/com/ejweb/core/util/PlanUtil.java
......@@ -36,49 +36,49 @@ import com.ejweb.modules.verify.entity.ConnectionPlan;
public class PlanUtil {
public static List<ConnectionPlan> planlist(String fileName,String filePath){
//读取文件
try {
//获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR+filePath;
if (StrUtil.contains(fullFileName, "../")||StrUtil.contains(fullFileName, "..\\")) {
return null;
}
InputStream in = null;
in = new FileInputStream(fullFileName);
ImportExcel ei = new ImportExcel(fileName,in, 1, 0);
try {
List<ConnectionPlan> lst = ei.getDataList(ConnectionPlan.class);
List<ConnectionPlan> list=new ArrayList<ConnectionPlan>();
for(ConnectionPlan p:lst){
p.setField10(getTime(p.getField10()));
p.setField11(getTime(p.getField11()));
p.setField13(getTime(p.getField13()));
p.setField14(getTime(p.getField14()));
p.setField17(getTime(p.getField17()));
p.setField18(getTime(p.getField18()));
if(StringUtils.isNoneBlank(p.getField1())){
list.add(p);
}
}
return list;
} catch (InstantiationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalAccessException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
} catch (FileNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidFormatException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
// try {
//
// //获取目标文件的绝对路径
// String fullFileName = GConstants.FILE_UPLOAD_DIR+filePath;
// if (StrUtil.contains(fullFileName, "../")||StrUtil.contains(fullFileName, "..\\")) {
// return null;
// }
// InputStream in = null;
// in = new FileInputStream(fullFileName);
// ImportExcel ei = new ImportExcel(fileName,in, 1, 0);
// try {
// List<ConnectionPlan> lst = ei.getDataList(ConnectionPlan.class);
// List<ConnectionPlan> list=new ArrayList<ConnectionPlan>();
// for(ConnectionPlan p:lst){
//
// p.setField10(getTime(p.getField10()));
// p.setField11(getTime(p.getField11()));
// p.setField13(getTime(p.getField13()));
// p.setField14(getTime(p.getField14()));
// p.setField17(getTime(p.getField17()));
// p.setField18(getTime(p.getField18()));
// if(StringUtils.isNoneBlank(p.getField1())){
// list.add(p);
// }
// }
// return list;
// } catch (InstantiationException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// } catch (IllegalAccessException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// }
// } catch (FileNotFoundException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// } catch (InvalidFormatException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// } catch (IOException e) {
// // TODO Auto-generated catch block
// e.printStackTrace();
// }
return null;
}
private static String getTime(String f){
......
src/com/ejweb/core/util/ireport/JRView.java
......@@ -26,79 +26,79 @@ public class JRView extends JasperReportsMultiFormatView {
}
protected JasperPrint fillReport(final Map<String, Object> model) throws Exception {
if (model.containsKey("url")) {
// setUrl(String.valueOf(model.get("url")));
this.report = loadReport(new Resource() {
@Override
public boolean exists() {
return new File(String.valueOf(model.get("url"))).isFile();
}
@Override
public boolean isReadable() {
return false;
}
@Override
public boolean isOpen() {
return false;
}
@Override
public URL getURL() throws IOException {
return null;
}
@Override
public URI getURI() throws IOException {
return null;
}
@Override
public File getFile() throws IOException {
return new File(String.valueOf(model.get("url")));
}
@Override
public long contentLength() throws IOException {
return 0;
}
@Override
public long lastModified() throws IOException {
return 0;
}
@Override
public Resource createRelative(String relativePath) throws IOException {
return null;
}
@Override
public String getFilename() {
return new File(String.valueOf(model.get("url"))).getName();
}
@Override
public String getDescription() {
return null;
}
@Override
public InputStream getInputStream() throws IOException {
String url = String.valueOf(model.get("url"));
if (StrUtil.contains(url,"../")||StrUtil.contains(url,"..\\")) {
throw new RuntimeException("文件路径不合法");
}
return new FileInputStream(url);
}
});
}
if (model.containsKey("exportFileName")) {
Properties properties = new Properties();
properties.setProperty("Content-Disposition", "attachment; filename=" + new String(String.valueOf(model.get("exportFileName")).getBytes("gbk"), "ISO8859-1"));
setHeaders(properties);
}
// if (model.containsKey("url")) {
//// setUrl(String.valueOf(model.get("url")));
// this.report = loadReport(new Resource() {
// @Override
// public boolean exists() {
// return new File(String.valueOf(model.get("url"))).isFile();
// }
//
// @Override
// public boolean isReadable() {
// return false;
// }
//
// @Override
// public boolean isOpen() {
// return false;
// }
//
// @Override
// public URL getURL() throws IOException {
// return null;
// }
//
// @Override
// public URI getURI() throws IOException {
// return null;
// }
//
// @Override
// public File getFile() throws IOException {
// return new File(String.valueOf(model.get("url")));
// }
//
// @Override
// public long contentLength() throws IOException {
// return 0;
// }
//
// @Override
// public long lastModified() throws IOException {
// return 0;
// }
//
// @Override
// public Resource createRelative(String relativePath) throws IOException {
// return null;
// }
//
// @Override
// public String getFilename() {
// return new File(String.valueOf(model.get("url"))).getName();
// }
//
// @Override
// public String getDescription() {
// return null;
// }
//
// @Override
// public InputStream getInputStream() throws IOException {
// String url = String.valueOf(model.get("url"));
// if (StrUtil.contains(url,"../")||StrUtil.contains(url,"..\\")) {
// throw new RuntimeException("文件路径不合法");
// }
// return new FileInputStream(url);
// }
// });
// }
// if (model.containsKey("exportFileName")) {
// Properties properties = new Properties();
// properties.setProperty("Content-Disposition", "attachment; filename=" + new String(String.valueOf(model.get("exportFileName")).getBytes("gbk"), "ISO8859-1"));
// setHeaders(properties);
// }
return super.fillReport(model);
}
......
src/com/ejweb/modules/call/api/SoundRecordingController.java
......@@ -85,39 +85,39 @@ public class SoundRecordingController {
SoundRecordingDownloadBean bean = requestBean.getObjectBean(SoundRecordingDownloadBean.class);
String message = soundRecordingService.validate(bean);
if (message == null) {
ServletOutputStream outputStream = null;
InputStream inputStream = null;
HttpURLConnection urlCon = null;
try {
bean.setDownloadUrl(bean.getDownloadUrl().replaceAll("\\\\", "/"));
if (!StrUtil.contains(bean.getDownloadUrl(), "https://ifos.jdair.ne")) {
throw new RuntimeException("录音文件地址不合法");
}
String fileName = bean.getDownloadUrl().substring(bean.getDownloadUrl().lastIndexOf("/") + 1, bean.getDownloadUrl().length());
response.setHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("gbk"), "ISO8859-1"));
outputStream = response.getOutputStream();
URL url = new URL(bean.getDownloadUrl());
urlCon = (HttpURLConnection)url.openConnection();
urlCon.setConnectTimeout(30000);
urlCon.setReadTimeout(30000); //最多连接30秒
inputStream = urlCon.getInputStream();
byte []bytes = new byte[1024];
int len = 0;
while ((len = inputStream.read(bytes, 0, bytes.length)) != -1) {
outputStream.write(bytes, 0, len);
outputStream.flush();
}
} catch (IOException e) {
e.printStackTrace();
} finally {
if (urlCon != null) {urlCon.disconnect();}
try {
if (inputStream != null) {inputStream.close();}
if (outputStream != null) {outputStream.close();}
} catch (IOException e) {
e.printStackTrace();
}
}
// ServletOutputStream outputStream = null;
// InputStream inputStream = null;
// HttpURLConnection urlCon = null;
// try {
// bean.setDownloadUrl(bean.getDownloadUrl().replaceAll("\\\\", "/"));
// if (!StrUtil.contains(bean.getDownloadUrl(), "https://ifos.jdair.ne")) {
// throw new RuntimeException("录音文件地址不合法");
// }
// String fileName = bean.getDownloadUrl().substring(bean.getDownloadUrl().lastIndexOf("/") + 1, bean.getDownloadUrl().length());
// response.setHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("gbk"), "ISO8859-1"));
// outputStream = response.getOutputStream();
// URL url = new URL(bean.getDownloadUrl());
// urlCon = (HttpURLConnection)url.openConnection();
// urlCon.setConnectTimeout(30000);
// urlCon.setReadTimeout(30000); //最多连接30秒
// inputStream = urlCon.getInputStream();
// byte []bytes = new byte[1024];
// int len = 0;
// while ((len = inputStream.read(bytes, 0, bytes.length)) != -1) {
// outputStream.write(bytes, 0, len);
// outputStream.flush();
// }
// } catch (IOException e) {
// e.printStackTrace();
// } finally {
// if (urlCon != null) {urlCon.disconnect();}
// try {
// if (inputStream != null) {inputStream.close();}
// if (outputStream != null) {outputStream.close();}
// } catch (IOException e) {
// e.printStackTrace();
// }
// }
return null;
} else {
// 参数校验为通过
......
src/com/ejweb/modules/flight/api/AirCarrierController.java
......@@ -114,95 +114,95 @@ public class AirCarrierController {
public ResponseBean findAirCarrierFlightList(RequestBean requestBean){
ResponseBean responseBean = new ResponseBean();
//
AirCarrierDetailBean bean = requestBean.getObjectBean(AirCarrierDetailBean.class);
String message = airCarrierService.validate(bean);
if(message == null){// 数据校验通过
if(StringUtils.isBlank(bean.getQueryDate())){// 默认日期为当天
SimpleDateFormat format=new SimpleDateFormat("yyyy-MM-dd");
String today=format.format(System.currentTimeMillis());
bean.setQueryDate(today);
}
List<AirCarrierFlightListEntity> list = airCarrierService.findAirCarrierFlightList(bean);
if(list == null || list.size() == 0){
responseBean.setData(list);
responseBean.setMessage(GConstants.EMPTY);
responseBean.setStatus(ErrorCode.STATUS_CODE_2001);
return responseBean;
}
//最新同步时间
Date latestModifyTime = flightService.getLatestModify();
for(AirCarrierFlightListEntity flight:list){
flight.setLatestModifyTime(latestModifyTime);
// 设置机组人员信息
flight.setCrewList(airCarrierService.getFlightCrewGroupList(flight.getFlightNo(), flight.getFlightDate(),
flight.getAcLongNo(), flight.getDepStn(), flight.getArrStn(), bean.getNeedOnlineState()));
// flight.setCrewList(flightService.getFlightCrewList(flight.getFlightNo()));
// 起飞机场联系人列表
flight.setDepContactList(airportContactService.findAirportContactList(flight.getDepStn()));
// 到达机场联系人列表
flight.setArrContactList(airportContactService.findAirportContactList(flight.getArrStn()));
// 开航指令下载地址
SailingFileEntity sailingFile = sailingFileService.getSailingFileByAirLine(flight.getAcLongNo(),
flight.getDepStn(), flight.getArrStn());
if(sailingFile != null && StringUtils.isNotBlank(sailingFile.getFilePath())){
flight.setSailingFile(Util.getAbsoluteUrl(sailingFile.getFilePath()));
}
// flight.setSailingFile("http://www.gdcrj.com/wsfwdt/bgxz/gdly0902.doc");
// 获取到的机场的所有场站的席位列表
// flight.setDepSeatList(seatService.findSeatListByIata(flight.getDepStn()));// 起飞机场席位列表
// flight.setArrSeatList(seatService.findSeatListByIata(flight.getArrStn()));// 到达机场席位列表
List<SeatListEntity> depSeatList = seatService.findSeatListByIata(flight.getDepStn());// 起飞机场席位列表
List<SeatListEntity> arrSeatList = seatService.findSeatListByIata(flight.getArrStn());// 到达机场席位列表
flight.setDepSeatList(depSeatList);// 起飞机场席位列表
flight.setArrSeatList(arrSeatList);// 到达机场席位列表
if(depSeatList != null && depSeatList.size()>0){// 获取起飞组合头像
List<String> avatarList = new ArrayList<String>();
for(SeatListEntity seat:depSeatList){
if(StringUtils.isNotBlank(seat.getPhoto())){
avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
}
}
String depSeatAvatar = ImageUtil.combine(avatarList);
if(StringUtils.isNotBlank(depSeatAvatar)){
flight.setDepSeatAvatar(Util.getAbsoluteUrl(depSeatAvatar));
}
}
if(arrSeatList != null && arrSeatList.size()>0){// 获取到达组合头像
List<String> avatarList = new ArrayList<String>();
for(SeatListEntity seat:arrSeatList){
if(StringUtils.isNotBlank(seat.getPhoto())){
avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
}
}
String arrSeatAvatar = ImageUtil.combine(avatarList);
if(StringUtils.isNotBlank(arrSeatAvatar)){
flight.setArrSeatAvatar(Util.getAbsoluteUrl(arrSeatAvatar));
}
}
}
responseBean.setData(list);
responseBean.setMessage(GConstants.OK);
responseBean.setStatus(ErrorCode.STATUS_CODE_2000);
return responseBean;
}
// if(message == null){// 数据校验通过
//
// if(StringUtils.isBlank(bean.getQueryDate())){// 默认日期为当天
// SimpleDateFormat format=new SimpleDateFormat("yyyy-MM-dd");
// String today=format.format(System.currentTimeMillis());
// bean.setQueryDate(today);
// }
// List<AirCarrierFlightListEntity> list = airCarrierService.findAirCarrierFlightList(bean);
// if(list == null || list.size() == 0){
//
// responseBean.setData(list);
// responseBean.setMessage(GConstants.EMPTY);
// responseBean.setStatus(ErrorCode.STATUS_CODE_2001);
// return responseBean;
// }
//
// //最新同步时间
// Date latestModifyTime = flightService.getLatestModify();
//
// for(AirCarrierFlightListEntity flight:list){
// flight.setLatestModifyTime(latestModifyTime);
// // 设置机组人员信息
// flight.setCrewList(airCarrierService.getFlightCrewGroupList(flight.getFlightNo(), flight.getFlightDate(),
// flight.getAcLongNo(), flight.getDepStn(), flight.getArrStn(), bean.getNeedOnlineState()));
//// flight.setCrewList(flightService.getFlightCrewList(flight.getFlightNo()));
//
// // 起飞机场联系人列表
// flight.setDepContactList(airportContactService.findAirportContactList(flight.getDepStn()));
//
// // 到达机场联系人列表
// flight.setArrContactList(airportContactService.findAirportContactList(flight.getArrStn()));
//
// // 开航指令下载地址
// SailingFileEntity sailingFile = sailingFileService.getSailingFileByAirLine(flight.getAcLongNo(),
// flight.getDepStn(), flight.getArrStn());
// if(sailingFile != null && StringUtils.isNotBlank(sailingFile.getFilePath())){
//
// flight.setSailingFile(Util.getAbsoluteUrl(sailingFile.getFilePath()));
// }
//// flight.setSailingFile("http://www.gdcrj.com/wsfwdt/bgxz/gdly0902.doc");
//
// // 获取到的机场的所有场站的席位列表
//// flight.setDepSeatList(seatService.findSeatListByIata(flight.getDepStn()));// 起飞机场席位列表
//// flight.setArrSeatList(seatService.findSeatListByIata(flight.getArrStn()));// 到达机场席位列表
//
// List<SeatListEntity> depSeatList = seatService.findSeatListByIata(flight.getDepStn());// 起飞机场席位列表
// List<SeatListEntity> arrSeatList = seatService.findSeatListByIata(flight.getArrStn());// 到达机场席位列表
//
// flight.setDepSeatList(depSeatList);// 起飞机场席位列表
// flight.setArrSeatList(arrSeatList);// 到达机场席位列表
// if(depSeatList != null && depSeatList.size()>0){// 获取起飞组合头像
// List<String> avatarList = new ArrayList<String>();
// for(SeatListEntity seat:depSeatList){
// if(StringUtils.isNotBlank(seat.getPhoto())){
//
// avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
// }
// }
// String depSeatAvatar = ImageUtil.combine(avatarList);
// if(StringUtils.isNotBlank(depSeatAvatar)){
//
// flight.setDepSeatAvatar(Util.getAbsoluteUrl(depSeatAvatar));
// }
// }
//
// if(arrSeatList != null && arrSeatList.size()>0){// 获取到达组合头像
// List<String> avatarList = new ArrayList<String>();
// for(SeatListEntity seat:arrSeatList){
// if(StringUtils.isNotBlank(seat.getPhoto())){
//
// avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
// }
// }
// String arrSeatAvatar = ImageUtil.combine(avatarList);
// if(StringUtils.isNotBlank(arrSeatAvatar)){
//
// flight.setArrSeatAvatar(Util.getAbsoluteUrl(arrSeatAvatar));
// }
// }
// }
//
// responseBean.setData(list);
// responseBean.setMessage(GConstants.OK);
// responseBean.setStatus(ErrorCode.STATUS_CODE_2000);
// return responseBean;
// }
responseBean.setMessage(message);
responseBean.setStatus(ErrorCode.STATUS_CODE_4001);
return responseBean;
......
src/com/ejweb/modules/upload/api/UploadController.java
......@@ -138,11 +138,11 @@ public class UploadController {
RequestBean requestBean) {
ResponseBean responseBean = new ResponseBean();
List<UploadFileBean> uploadFiles = null;
String clientip = Util.getOnlineIP(request);
UploadBean uploadFile = null;
uploadFile = JSON.parseObject(requestBean.getContent(), UploadBean.class);
// List<UploadFileBean> uploadFiles = null;
//
// String clientip = Util.getOnlineIP(request);
// UploadBean uploadFile = null;
// uploadFile = JSON.parseObject(requestBean.getContent(), UploadBean.class);
// for (CommonsMultipartFile file : files) {// 遍历文件名,含有非法字符提示错误
//
// String originalFilename = file.getOriginalFilename();
......@@ -154,24 +154,24 @@ public class UploadController {
// }
// }
// }
String message = uploadService.check(files, uploadFile, clientip);
if (StringUtils.isNotEmpty(message)) {
responseBean.setStatus(ErrorCode.STATUS_CODE_4001);
responseBean.setMessage(message);
return responseBean;
}
uploadFiles = uploadService.addMultipartFile(files, uploadFile, clientip);
if (uploadFiles == null || uploadFiles.size() == 0) {
responseBean.setStatus(ErrorCode.STATUS_CODE_4001);
responseBean.setMessage("获取不到文件列表!");
return responseBean;
}
uploadFile.setSize(uploadFiles.size());
uploadFile.setUrl(GConstants.FILE_PREFIX_URL);
// String message = uploadService.check(files, uploadFile, clientip);
// if (StringUtils.isNotEmpty(message)) {
// responseBean.setStatus(ErrorCode.STATUS_CODE_4001);
// responseBean.setMessage(message);
// return responseBean;
// }
// uploadFiles = uploadService.addMultipartFile(files, uploadFile, clientip);
// if (uploadFiles == null || uploadFiles.size() == 0) {
//
// responseBean.setStatus(ErrorCode.STATUS_CODE_4001);
// responseBean.setMessage("获取不到文件列表!");
// return responseBean;
// }
// uploadFile.setSize(uploadFiles.size());
// uploadFile.setUrl(GConstants.FILE_PREFIX_URL);
responseBean.setStatus(ErrorCode.STATUS_CODE_2000);
responseBean.setMessage(GConstants.OK);
responseBean.setData(uploadFile);
// responseBean.setData(uploadFile);
return responseBean;
}
......@@ -237,37 +237,37 @@ public class UploadController {
// 创建一个通用的多部分解析器
int start = 0;
try {
start = Integer.parseInt(request.getParameter("size"));
String name = request.getParameter("name");
String moduleName = request.getParameter("moduleName");
String appCode = request.getParameter("appCode") == null ? GConstants.DEFAULT_APP_CODE
: request.getParameter("appCode");// 本次文件上传记录CODE
String clientip = Util.getOnlineIP(request);
if (StringUtils.isBlank(moduleName)) {// 如果没有传则默认保存到files下面
moduleName = "files";
} else {
moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
if (moduleName.length() == 0 || moduleName.length() > 64)// 如果没有传则默认保存到files下面
moduleName = "files";
}
String sessionId = DigestUtils.sha1Hex(
Util.getRandom(100, 999) + ":" + System.currentTimeMillis() + ":" + Util.getRandom(100, 999));
UploadFileBean fileBean = null;
fileBean = uploadService.addUploadFile(sessionId, request.getInputStream(), "", name, "", moduleName, appCode,
clientip);
if (fileBean != null) {
Map<String, Object> map = new HashMap<String, Object>();
map.put("success", true);
map.put("message", "");
map.put("start", start);
map.put("file", fileBean);
return map;
}
} catch (Exception e) {
e.printStackTrace();
}
// try {
//
// start = Integer.parseInt(request.getParameter("size"));
// String name = request.getParameter("name");
// String moduleName = request.getParameter("moduleName");
// String appCode = request.getParameter("appCode") == null ? GConstants.DEFAULT_APP_CODE
// : request.getParameter("appCode");// 本次文件上传记录CODE
// String clientip = Util.getOnlineIP(request);
// if (StringUtils.isBlank(moduleName)) {// 如果没有传则默认保存到files下面
// moduleName = "files";
// } else {
// moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
// if (moduleName.length() == 0 || moduleName.length() > 64)// 如果没有传则默认保存到files下面
// moduleName = "files";
// }
// String sessionId = DigestUtils.sha1Hex(
// Util.getRandom(100, 999) + ":" + System.currentTimeMillis() + ":" + Util.getRandom(100, 999));
// UploadFileBean fileBean = null;
// fileBean = uploadService.addUploadFile(sessionId, request.getInputStream(), "", name, "", moduleName, appCode,
// clientip);
// if (fileBean != null) {
// Map<String, Object> map = new HashMap<String, Object>();
// map.put("success", true);
// map.put("message", "");
// map.put("start", start);
// map.put("file", fileBean);
// return map;
// }
// } catch (Exception e) {
// e.printStackTrace();
// }
Map<String, Object> map = new HashMap<String, Object>();
map.put("success", false);
map.put("message", "");
......@@ -279,59 +279,59 @@ public class UploadController {
@RequestMapping("download")
public void download(RequestBean requestBean, HttpServletResponse response, HttpServletRequest request) throws JsonParseException, JsonMappingException, IOException {
FileBean bean = requestBean.getObjectBean(FileBean.class);
// File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, filepath);
InputStream in = null;
OutputStream out = null;
try {
if (bean.getPath() != null) {
if (bean.getPath().indexOf("../") != -1) {
return;
}
if(StrUtil.contains(bean.getPath(), "../")||StrUtil.contains(bean.getPath(), "..\\")){
throw new RuntimeException("文件路径异常!");
}
}
// 设置文件MIME类型
response.setContentType("application/form-data;charset=utf-8");
// String downloadFileName=Encodes.urlEncode(bean.getName());
String downloadFileName = new String(bean.getName().getBytes("gbk"), "ISO8859-1");
String agent = (String) request.getHeader("USER-AGENT");
if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) {
downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(bean.getName().getBytes("UTF-8"))))
+ "?=";
} /*
* else{ downloadFileName = URLDecoder.decode(bean.getName(),
* "UTF-8"); }
*/
// 设置Content-Disposition
response.setHeader("Content-Disposition", "attachment; filename=\"" + downloadFileName + "\"");
// 获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR + bean.getPath();
if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")) {
throw new RuntimeException("文件路径异常!");
}
File downloadFile = new File(fullFileName);
LOG.error("文件下载地址:" + downloadFile.getAbsolutePath());
System.out.println("文件下载地址:" + downloadFile.getAbsolutePath());
// 读取文件
in = new FileInputStream(downloadFile);
out = response.getOutputStream();
// 写文件
int b;
while ((b = in.read()) != -1) {
out.write(b);
}
out.flush();
} catch (Exception e) {
System.out.println(e.getMessage());
// TODO: handle exception
e.printStackTrace();
} finally {
IOUtils.closeQuietly(in);
IOUtils.closeQuietly(out);
}
// FileBean bean = requestBean.getObjectBean(FileBean.class);
// // File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, filepath);
// InputStream in = null;
// OutputStream out = null;
// try {
// if (bean.getPath() != null) {
// if (bean.getPath().indexOf("../") != -1) {
// return;
// }
// if(StrUtil.contains(bean.getPath(), "../")||StrUtil.contains(bean.getPath(), "..\\")){
// throw new RuntimeException("文件路径异常!");
// }
// }
// // 设置文件MIME类型
// response.setContentType("application/form-data;charset=utf-8");
// // String downloadFileName=Encodes.urlEncode(bean.getName());
// String downloadFileName = new String(bean.getName().getBytes("gbk"), "ISO8859-1");
// String agent = (String) request.getHeader("USER-AGENT");
// if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) {
// downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(bean.getName().getBytes("UTF-8"))))
// + "?=";
// } /*
// * else{ downloadFileName = URLDecoder.decode(bean.getName(),
// * "UTF-8"); }
// */
// // 设置Content-Disposition
// response.setHeader("Content-Disposition", "attachment; filename=\"" + downloadFileName + "\"");
// // 获取目标文件的绝对路径
// String fullFileName = GConstants.FILE_UPLOAD_DIR + bean.getPath();
// if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")) {
// throw new RuntimeException("文件路径异常!");
// }
// File downloadFile = new File(fullFileName);
// LOG.error("文件下载地址:" + downloadFile.getAbsolutePath());
// System.out.println("文件下载地址:" + downloadFile.getAbsolutePath());
// // 读取文件
// in = new FileInputStream(downloadFile);
// out = response.getOutputStream();
//
// // 写文件
// int b;
// while ((b = in.read()) != -1) {
// out.write(b);
// }
// out.flush();
// } catch (Exception e) {
// System.out.println(e.getMessage());
// // TODO: handle exception
// e.printStackTrace();
// } finally {
// IOUtils.closeQuietly(in);
// IOUtils.closeQuietly(out);
// }
}
// public static String GetImageStr(String imgFile)
......@@ -410,43 +410,43 @@ public class UploadController {
@RequestMapping("/verifFile")
public ResponseBean verifFile(HttpServletRequest request, RequestBean requestBean) {
ResponseBean responseBean = new ResponseBean();
String stream = request.getParameter("fileStream");
String filePath = StrUtil.replace(StrUtil.replace(request.getParameter("filePath"), "../", ""),"..\\","");
String fileDir = StrUtil.replace(StrUtil.replace(request.getParameter("fileDir"), "../", ""),"..\\","");
ByteArrayInputStream bais = null;
FileOutputStream ostream = null;
try {
byte buf[] = stream.getBytes("utf-8");
bais = new ByteArrayInputStream(buf);
POIFSFileSystem poifs = new POIFSFileSystem();
DirectoryEntry directory = poifs.getRoot();
directory.createDocument("WordDocument", bais);
// 文件保存地址
String path = GConstants.FILE_UPLOAD_DIR + filePath;
if (StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")) {
throw new RuntimeException("文件路径非法");
}
File uploadFilePath = new File(path);
if (uploadFilePath.exists()) {
return responseBean;
}
String path = GConstants.FILE_UPLOAD_DIR + fileDir;
if (StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")) {
throw new RuntimeException("文件路径非法");
}
File baseUploadDir = new File(path);
if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
baseUploadDir.mkdirs();
}
ostream = new FileOutputStream(uploadFilePath);
poifs.writeFilesystem(ostream);
} catch (Exception e) {
// TODO: handle exception
} finally {
IOUtils.closeQuietly(bais);
IOUtils.closeQuietly(ostream);
}
// String stream = request.getParameter("fileStream");
// String filePath = StrUtil.replace(StrUtil.replace(request.getParameter("filePath"), "../", ""),"..\\","");
// String fileDir = StrUtil.replace(StrUtil.replace(request.getParameter("fileDir"), "../", ""),"..\\","");
// ByteArrayInputStream bais = null;
// FileOutputStream ostream = null;
// try {
// byte buf[] = stream.getBytes("utf-8");
// bais = new ByteArrayInputStream(buf);
// POIFSFileSystem poifs = new POIFSFileSystem();
// DirectoryEntry directory = poifs.getRoot();
// directory.createDocument("WordDocument", bais);
//
// // 文件保存地址
// String path = GConstants.FILE_UPLOAD_DIR + filePath;
// if (StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")) {
// throw new RuntimeException("文件路径非法");
// }
// File uploadFilePath = new File(path);
// if (uploadFilePath.exists()) {
// return responseBean;
// }
// String path1 = GConstants.FILE_UPLOAD_DIR + fileDir;
// if (StrUtil.contains(path1,"../")||StrUtil.contains(path1,"..\\")) {
// throw new RuntimeException("文件路径非法");
// }
// File baseUploadDir = new File(path);
// if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
// baseUploadDir.mkdirs();
// }
// ostream = new FileOutputStream(uploadFilePath);
// poifs.writeFilesystem(ostream);
// } catch (Exception e) {
// // TODO: handle exception
// } finally {
// IOUtils.closeQuietly(bais);
// IOUtils.closeQuietly(ostream);
// }
responseBean.setStatus(ErrorCode.STATUS_CODE_2000);
responseBean.setMessage(GConstants.OK);
......
src/com/ejweb/modules/upload/service/UploadService.java
......@@ -94,55 +94,55 @@ public class UploadService extends BaseService<UploadDao>{
}
List<UploadFileBean> uploadFiles = null;
// boolean isVerifyFileName = true;// 是否需要验证文件名称
String message = validate(uploadFile);
if(message == null){
// uploadFile.setSize(0);
// uploadFile.setUrl(GConstants.FILE_PREFIX_URL);
uploadFiles = new ArrayList<UploadFileBean>(6);
uploadFile.setFiles(uploadFiles);
// uploadFiles = uploadFile.getFiles();
// if(uploadFiles == null){// 如果没有传文件列表则新建一个列表
// uploadFiles = new ArrayList<UploadFileBean>(6);
// uploadFile.setFiles(uploadFiles);
//// isVerifyFileName = false;
// }
// String moduleName = uploadFile.getModule();// 模块名称
// if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面
// moduleName = "files";
// } else{
// moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
// if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
// moduleName = "files";
// }
// uploadFile.setModule(moduleName);
// 生成本次会话的随机数随机数
String sessionId = DigestUtils.sha1Hex(Util.getRandom(100, 999)+":"
+System.currentTimeMillis()+":"+Util.getRandom(100, 999));
// uploadFile.setSessionId(sessionId);
for (CommonsMultipartFile file:files) {// 遍历所有提交的文件
try {
String originalFilename = file.getOriginalFilename();
if(StringUtils.isNotBlank(originalFilename)){// 文件扩展名称不能为NULL
InputStream in = file.getInputStream();
String contentType = uploadFile.getContentType();
UploadFileBean fileBean = this.addUploadFile(sessionId, in, file.getName(), originalFilename, contentType,
uploadFile.getModule(), uploadFile.getAppCode(), clientip);
uploadFiles.add(fileBean);
}
} catch (Exception e) {
// TODO: handle exception
}
// if(file !=null){
// // 统一文件处理
// addUploadFile(uploadFiles, uploadFile, isVerifyFileName,
// sessionId, file, clientip);
// String message = validate(uploadFile);
// if(message == null){
//// uploadFile.setSize(0);
//// uploadFile.setUrl(GConstants.FILE_PREFIX_URL);
// uploadFiles = new ArrayList<UploadFileBean>(6);
// uploadFile.setFiles(uploadFiles);
//// uploadFiles = uploadFile.getFiles();
//// if(uploadFiles == null){// 如果没有传文件列表则新建一个列表
//// uploadFiles = new ArrayList<UploadFileBean>(6);
//// uploadFile.setFiles(uploadFiles);
////// isVerifyFileName = false;
//// }
//
//// String moduleName = uploadFile.getModule();// 模块名称
//// if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面
//// moduleName = "files";
//// } else{
//// moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
//// if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
//// moduleName = "files";
//// }
//// uploadFile.setModule(moduleName);
//
// // 生成本次会话的随机数随机数
// String sessionId = DigestUtils.sha1Hex(Util.getRandom(100, 999)+":"
// +System.currentTimeMillis()+":"+Util.getRandom(100, 999));
//// uploadFile.setSessionId(sessionId);
// for (CommonsMultipartFile file:files) {// 遍历所有提交的文件
// try {
// String originalFilename = file.getOriginalFilename();
// if(StringUtils.isNotBlank(originalFilename)){// 文件扩展名称不能为NULL
// InputStream in = file.getInputStream();
//
// String contentType = uploadFile.getContentType();
// UploadFileBean fileBean = this.addUploadFile(sessionId, in, file.getName(), originalFilename, contentType,
// uploadFile.getModule(), uploadFile.getAppCode(), clientip);
// uploadFiles.add(fileBean);
// }
// } catch (Exception e) {
// // TODO: handle exception
// }
}
return uploadFiles;
}
//// if(file !=null){
//// // 统一文件处理
//// addUploadFile(uploadFiles, uploadFile, isVerifyFileName,
//// sessionId, file, clientip);
//// }
// }
// return uploadFiles;
// }
return uploadFiles;
}
/**
......@@ -179,80 +179,80 @@ public class UploadService extends BaseService<UploadDao>{
@Transactional(readOnly = false)
public List<UploadFileBean> addMultipartFile(HttpServletRequest request,
UploadBean uploadFile, String clientip){
try {
List<UploadFileBean> uploadFiles = null;
// boolean isVerifyFileName = true;// 是否需要验证文件名称
String message = validate(uploadFile);
if(message == null){
// uploadFile.setSize(0);
// 创建一个通用的多部分解析器
CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver(
request.getSession().getServletContext());
// 判断 request 是否有文件上传,即多部分请求
if (multipartResolver != null && multipartResolver.isMultipart(request)) {
// uploadFile.setUrl(GConstants.FILE_PREFIX_URL);
uploadFiles = new ArrayList<UploadFileBean>(6);
uploadFile.setFiles(uploadFiles);
// if(uploadFiles == null){// 如果没有传文件列表则新建一个列表
// uploadFiles = new ArrayList<UploadFileBean>(6);
// uploadFile.setFiles(uploadFiles);
// isVerifyFileName = false;
// try {
// List<UploadFileBean> uploadFiles = null;
//// boolean isVerifyFileName = true;// 是否需要验证文件名称
// String message = validate(uploadFile);
// if(message == null){
//// uploadFile.setSize(0);
// // 创建一个通用的多部分解析器
// CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver(
// request.getSession().getServletContext());
// // 判断 request 是否有文件上传,即多部分请求
// if (multipartResolver != null && multipartResolver.isMultipart(request)) {
//
//// uploadFile.setUrl(GConstants.FILE_PREFIX_URL);
// uploadFiles = new ArrayList<UploadFileBean>(6);
// uploadFile.setFiles(uploadFiles);
//// if(uploadFiles == null){// 如果没有传文件列表则新建一个列表
//// uploadFiles = new ArrayList<UploadFileBean>(6);
//// uploadFile.setFiles(uploadFiles);
//// isVerifyFileName = false;
//// }
//
// String moduleName = uploadFile.getModule();// 模块名称
// if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面
// moduleName = "files";
// } else{
// moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
// if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
// moduleName = "files";
// if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) {
// moduleName = "files";
// }
// }
String moduleName = uploadFile.getModule();// 模块名称
if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面
moduleName = "files";
} else{
moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
moduleName = "files";
if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) {
moduleName = "files";
}
}
// uploadFile.setModule(moduleName);
// 生成本次会话的随机数随机数
String sessionId = DigestUtils.sha1Hex(Util.getRandom(100, 999)+":"
+System.currentTimeMillis()+":"+Util.getRandom(100, 999));
// uploadFile.setSessionId(sessionId);
// 转换成多部分request
MultipartHttpServletRequest multiRequest = (MultipartHttpServletRequest) request;
// 取得request中的所有文件名
Iterator<String> iter = multiRequest.getFileNames();
while (iter.hasNext()) {
try {
MultipartFile file = multiRequest.getFile(iter.next());
if (file != null) {// 取得上传文件
String originalFilename = file.getOriginalFilename();
if(StringUtils.isNotBlank(originalFilename)){// 文件扩展名称不能为NULL
InputStream in = file.getInputStream();
String contentType = uploadFile.getContentType();
UploadFileBean fileBean = this.addUploadFile(sessionId, in, file.getName(), originalFilename, contentType,
moduleName, uploadFile.getAppCode(), clientip);
uploadFiles.add(fileBean);
}
}
} catch (Exception e) {
// TODO: handle exception
}
// 取得上传文件
// MultipartFile file = multiRequest.getFile(iter.next());
// file.getName();
// if (file != null) {
// // 统一文件处理
// addUploadFile(uploadFiles, uploadFile, isVerifyFileName,
// sessionId, file, clientip);
//// uploadFile.setModule(moduleName);
//
// // 生成本次会话的随机数随机数
// String sessionId = DigestUtils.sha1Hex(Util.getRandom(100, 999)+":"
// +System.currentTimeMillis()+":"+Util.getRandom(100, 999));
//// uploadFile.setSessionId(sessionId);
// // 转换成多部分request
// MultipartHttpServletRequest multiRequest = (MultipartHttpServletRequest) request;
// // 取得request中的所有文件名
// Iterator<String> iter = multiRequest.getFileNames();
// while (iter.hasNext()) {
// try {
// MultipartFile file = multiRequest.getFile(iter.next());
// if (file != null) {// 取得上传文件
//
// String originalFilename = file.getOriginalFilename();
// if(StringUtils.isNotBlank(originalFilename)){// 文件扩展名称不能为NULL
// InputStream in = file.getInputStream();
// String contentType = uploadFile.getContentType();
// UploadFileBean fileBean = this.addUploadFile(sessionId, in, file.getName(), originalFilename, contentType,
// moduleName, uploadFile.getAppCode(), clientip);
// uploadFiles.add(fileBean);
// }
// }
// } catch (Exception e) {
// // TODO: handle exception
// }
}
}
return uploadFiles;
}
} catch (Exception e) {
// TODO: handle exception
}
// // 取得上传文件
//// MultipartFile file = multiRequest.getFile(iter.next());
//// file.getName();
//// if (file != null) {
//// // 统一文件处理
//// addUploadFile(uploadFiles, uploadFile, isVerifyFileName,
//// sessionId, file, clientip);
//// }
// }
// }
// return uploadFiles;
// }
// } catch (Exception e) {
// // TODO: handle exception
// }
return null;
}
/**
......@@ -271,99 +271,99 @@ public class UploadService extends BaseService<UploadDao>{
@Transactional(readOnly = false)
public UploadFileBean addUploadFile(String sessionId, InputStream in, String inputName, String originalFilename,
String contentType, String moduleName, String appCode, String clientip) {
OutputStream os = null;
ByteArrayOutputStream baos = null;
UploadEntity fileUploadEntity=null;
// InputStream in = null;
try {
// String originalFilename = file.getOriginalFilename();
if(StringUtils.isBlank(originalFilename)){// 文件扩展名称不能为NULL
LOG.debug("无法获取文件名称:"+originalFilename);
return null;
}
if("blob".equals(originalFilename)){// 上传的二进制文件,兼容H5文件无法上传的情况
if(StringUtils.isEmpty(contentType)){// 默认为MP3格式
originalFilename = "blob.mp3";
} else {
originalFilename = "blob."+contentType;
}
}
String extesionName = Util.getExtensionName(originalFilename);
if(extesionName == null || extesionName.length() == 0){// 文件扩展名称不能为NULL
LOG.debug("无法获取文件扩展名:"+originalFilename);
}
UploadFileBean fileBean = null;
// uploadFile.setSize(uploadFile.getSize()+1);
if(extesionName == null ||
GConstants.FILE_FILTERS.get(extesionName.toLowerCase()) == null){// 不允许上传的文件
LOG.debug("此类型文件不允许上传:"+originalFilename);
fileBean = new UploadFileBean();
fileBean.setInputName("");
fileBean.setPath(null);
fileBean.setName(originalFilename);
fileBean.setExtesion(extesionName);
fileBean.setStatus(2);
return fileBean;
}
// 拿到上传文件的输入流
// in = request.getInputStream();
in = new BufferedInputStream(in);
baos = new ByteArrayOutputStream();
byte[] buf = new byte[GConstants.BUFFER_SIZE];
// 以写字节的方式写文件
int size = in.read(buf);
while (size != -1) {
baos.write(buf, 0, size);
size = in.read(buf);
}
byte[] data = baos.toByteArray();
// byte[] data = IOUtils.toByteArray(in);
// 待扩展名称的MOD5
String md5 = DigestUtils.sha1Hex(data)+extesionName;
fileBean = new UploadFileBean();
fileBean.setName(originalFilename);
if(StringUtils.isBlank(inputName)){
fileBean.setInputName("");
} else {
fileBean.setInputName(inputName);
}
fileBean.setSize(data.length);
fileBean.setMd5(md5);
fileBean.setExtesion(extesionName);
if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面
moduleName = "files";
} else{
moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
moduleName = moduleName.replaceAll("[\\|//]+", "/");
if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
moduleName = "files";
if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) {
moduleName = "files";
}
}
// 文件保存路径:基本路径+模块名称+日期
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt);//FORMAT.format(System.currentTimeMillis());
if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) {
throw new RuntimeException("模块名称非法");
}
String basePath = moduleName+GConstants.FS+extesionName.replaceAll("\\.", "")+GConstants.FS;
// 上传文件基本地址
String path = GConstants.FILE_UPLOAD_DIR + baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath;
if(StrUtil.contains(path,"../")||StrUtil.contains(path, "..\\")) {
throw new RuntimeException("文件路径不正确");
}
File baseUploadDir = new File(path);
if(!baseUploadDir.exists()){// 如果文件夹不存在则创建
baseUploadDir.mkdirs();
}
//
// OutputStream os = null;
// ByteArrayOutputStream baos = null;
// UploadEntity fileUploadEntity=null;
//// InputStream in = null;
// try {
//// String originalFilename = file.getOriginalFilename();
// if(StringUtils.isBlank(originalFilename)){// 文件扩展名称不能为NULL
// LOG.debug("无法获取文件名称:"+originalFilename);
// return null;
// }
// if("blob".equals(originalFilename)){// 上传的二进制文件,兼容H5文件无法上传的情况
// if(StringUtils.isEmpty(contentType)){// 默认为MP3格式
//
// originalFilename = "blob.mp3";
// } else {
//
// originalFilename = "blob."+contentType;
// }
// }
// String extesionName = Util.getExtensionName(originalFilename);
// if(extesionName == null || extesionName.length() == 0){// 文件扩展名称不能为NULL
// LOG.debug("无法获取文件扩展名:"+originalFilename);
// }
// UploadFileBean fileBean = null;
//// uploadFile.setSize(uploadFile.getSize()+1);
// if(extesionName == null ||
// GConstants.FILE_FILTERS.get(extesionName.toLowerCase()) == null){// 不允许上传的文件
//
// LOG.debug("此类型文件不允许上传:"+originalFilename);
// fileBean = new UploadFileBean();
// fileBean.setInputName("");
// fileBean.setPath(null);
// fileBean.setName(originalFilename);
// fileBean.setExtesion(extesionName);
// fileBean.setStatus(2);
// return fileBean;
// }
//
// // 拿到上传文件的输入流
//// in = request.getInputStream();
// in = new BufferedInputStream(in);
// baos = new ByteArrayOutputStream();
// byte[] buf = new byte[GConstants.BUFFER_SIZE];
// // 以写字节的方式写文件
// int size = in.read(buf);
// while (size != -1) {
// baos.write(buf, 0, size);
// size = in.read(buf);
// }
// byte[] data = baos.toByteArray();
//
//// byte[] data = IOUtils.toByteArray(in);
// // 待扩展名称的MOD5
// String md5 = DigestUtils.sha1Hex(data)+extesionName;
//
// fileBean = new UploadFileBean();
// fileBean.setName(originalFilename);
// if(StringUtils.isBlank(inputName)){
// fileBean.setInputName("");
// } else {
// fileBean.setInputName(inputName);
// }
// fileBean.setSize(data.length);
// fileBean.setMd5(md5);
// fileBean.setExtesion(extesionName);
//
// if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面
// moduleName = "files";
// } else{
// moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
// moduleName = moduleName.replaceAll("[\\|//]+", "/");
// if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
// moduleName = "files";
// if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) {
// moduleName = "files";
// }
// }
// // 文件保存路径:基本路径+模块名称+日期
// String baseDatePath = PathFormatUtils.parse(PATH_FORMAt);//FORMAT.format(System.currentTimeMillis());
// if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) {
// throw new RuntimeException("模块名称非法");
// }
// String basePath = moduleName+GConstants.FS+extesionName.replaceAll("\\.", "")+GConstants.FS;
// // 上传文件基本地址
// String path = GConstants.FILE_UPLOAD_DIR + baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath;
// if(StrUtil.contains(path,"../")||StrUtil.contains(path, "..\\")) {
// throw new RuntimeException("文件路径不正确");
// }
// File baseUploadDir = new File(path);
// if(!baseUploadDir.exists()){// 如果文件夹不存在则创建
// baseUploadDir.mkdirs();
// }
// String prefixFilename = "";
// if(StringUtils.isBlank(GConstants.getValue("file.prefix.filename.format")) == false){
......@@ -376,90 +376,90 @@ public class UploadService extends BaseService<UploadDao>{
// }
// String sessionId = DigestUtils.md5Hex(Util.getRandom(100, 999)+":"
// +System.currentTimeMillis()+":"+Util.getRandom(100, 999));
// 文件保存地址
String path2 = baseUploadDir + md5;
if(StrUtil.contains(path2,"../")||StrUtil.contains(path2, "..\\")) {
throw new RuntimeException("文件路径不正确");
}
File uploadFilePath = new File(path2);
LOG.info("原文件服务器绝对路径:"+uploadFilePath);
// 将数据保存到指定文件
os = new FileOutputStream(uploadFilePath);
os = new BufferedOutputStream(os);
os.write(data);
os.flush();
// 设置文件相关信息
fileUploadEntity = new UploadEntity();
// 如果上传文件为图片则获取图片的宽度高度
if(GConstants.FILE_FILTERS.get(extesionName) != null &&
GConstants.FILE_FILTERS.get(extesionName)){
BufferedImage image = this.getBufferedImage(data);
if(image != null){// 生成图片缩略图
fileBean.setWidth(image.getWidth());
fileBean.setHeight(image.getHeight());
if(GConstants.FILE_ALLOW_THUMBS){// 图片压缩保存
int with = GConstants.getIntValue("file.image.thumb.width", 640);
int height = GConstants.getIntValue("file.image.thumb.height", 640);
if(image.getWidth()>with || image.getHeight()>height){
String path1 = GConstants.FILE_UPLOAD_DIR +
baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_THUMBS + GConstants.FS + basePath;
if (StrUtil.contains(path1,"../")||StrUtil.contains(path1, "..\\")) {
throw new RuntimeException("文件路径不正确");
}
File baseUploadThumbsDir = new File(path1);
if(!baseUploadThumbsDir.exists()){// 如果文件夹不存在则创建
baseUploadThumbsDir.mkdirs();
}
File uploadThumbsFilePath = new File(baseUploadThumbsDir, md5);
LOG.info("缩略图文件服务器绝对路径:"+uploadThumbsFilePath);
Thumbnails.of(image).size(with, height)
.keepAspectRatio(true).outputQuality(1f)
.toFile(uploadThumbsFilePath);
// 设置缩略图地址前缀
fileBean.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_THUMBS+GConstants.FS+basePath+md5);
fileUploadEntity.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_THUMBS+GConstants.FS+basePath+md5);
} else{
fileBean.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5);
fileUploadEntity.setThumbs(fileBean.getThumbs());
}
}
}
}
fileUploadEntity.setName(fileBean.getName());
fileUploadEntity.setModule(moduleName);
fileUploadEntity.setMd5(md5);
fileUploadEntity.setExtesion(extesionName);
fileUploadEntity.setPath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5);
fileUploadEntity.setAppCode(appCode);
fileUploadEntity.setWidth(fileBean.getWidth());
fileUploadEntity.setHeight(fileBean.getHeight());
fileUploadEntity.setSize(data.length);
fileUploadEntity.setClientip(clientip);
fileUploadEntity.setSessionId(sessionId);
fileUploadEntity.setInputName(fileBean.getInputName());
fileUploadEntity.setId(IdWorker.getNextId());
// 保存文件到数据库
dao.addUploadFile(fileUploadEntity);
fileBean.setExtesion(extesionName);
fileBean.setSize(data.length);
fileBean.setMd5(md5);
fileBean.setPath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5);
fileBean.setStatus(1);
return fileBean;
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
} finally {
IOUtils.closeQuietly(os);
IOUtils.closeQuietly(in);
IOUtils.closeQuietly(baos);
}
//
// // 文件保存地址
// String path2 = baseUploadDir + md5;
// if(StrUtil.contains(path2,"../")||StrUtil.contains(path2, "..\\")) {
// throw new RuntimeException("文件路径不正确");
// }
// File uploadFilePath = new File(path2);
// LOG.info("原文件服务器绝对路径:"+uploadFilePath);
// // 将数据保存到指定文件
// os = new FileOutputStream(uploadFilePath);
// os = new BufferedOutputStream(os);
// os.write(data);
// os.flush();
//
// // 设置文件相关信息
// fileUploadEntity = new UploadEntity();
// // 如果上传文件为图片则获取图片的宽度高度
// if(GConstants.FILE_FILTERS.get(extesionName) != null &&
// GConstants.FILE_FILTERS.get(extesionName)){
// BufferedImage image = this.getBufferedImage(data);
// if(image != null){// 生成图片缩略图
// fileBean.setWidth(image.getWidth());
// fileBean.setHeight(image.getHeight());
// if(GConstants.FILE_ALLOW_THUMBS){// 图片压缩保存
//
// int with = GConstants.getIntValue("file.image.thumb.width", 640);
// int height = GConstants.getIntValue("file.image.thumb.height", 640);
// if(image.getWidth()>with || image.getHeight()>height){
// String path1 = GConstants.FILE_UPLOAD_DIR +
// baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_THUMBS + GConstants.FS + basePath;
// if (StrUtil.contains(path1,"../")||StrUtil.contains(path1, "..\\")) {
// throw new RuntimeException("文件路径不正确");
// }
// File baseUploadThumbsDir = new File(path1);
// if(!baseUploadThumbsDir.exists()){// 如果文件夹不存在则创建
// baseUploadThumbsDir.mkdirs();
// }
// File uploadThumbsFilePath = new File(baseUploadThumbsDir, md5);
// LOG.info("缩略图文件服务器绝对路径:"+uploadThumbsFilePath);
//
// Thumbnails.of(image).size(with, height)
// .keepAspectRatio(true).outputQuality(1f)
// .toFile(uploadThumbsFilePath);
// // 设置缩略图地址前缀
// fileBean.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_THUMBS+GConstants.FS+basePath+md5);
// fileUploadEntity.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_THUMBS+GConstants.FS+basePath+md5);
// } else{
//
// fileBean.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5);
// fileUploadEntity.setThumbs(fileBean.getThumbs());
// }
// }
// }
// }
// fileUploadEntity.setName(fileBean.getName());
// fileUploadEntity.setModule(moduleName);
// fileUploadEntity.setMd5(md5);
// fileUploadEntity.setExtesion(extesionName);
// fileUploadEntity.setPath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5);
// fileUploadEntity.setAppCode(appCode);
// fileUploadEntity.setWidth(fileBean.getWidth());
// fileUploadEntity.setHeight(fileBean.getHeight());
// fileUploadEntity.setSize(data.length);
// fileUploadEntity.setClientip(clientip);
// fileUploadEntity.setSessionId(sessionId);
// fileUploadEntity.setInputName(fileBean.getInputName());
// fileUploadEntity.setId(IdWorker.getNextId());
// // 保存文件到数据库
// dao.addUploadFile(fileUploadEntity);
//
// fileBean.setExtesion(extesionName);
// fileBean.setSize(data.length);
// fileBean.setMd5(md5);
// fileBean.setPath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5);
// fileBean.setStatus(1);
// return fileBean;
// } catch (Exception e) {
// // TODO: handle exception
// e.printStackTrace();
// } finally {
// IOUtils.closeQuietly(os);
// IOUtils.closeQuietly(in);
// IOUtils.closeQuietly(baos);
// }
return null;
}
/**
......
src/com/ejweb/modules/verify/api/AirlineVerifyController.java
......@@ -715,47 +715,47 @@ public class AirlineVerifyController {
}
sb.append("</tbody></table>");
UploadFileBean uploadFileBean = Html2File.convertHtml2Word(sb.toString());
if (StrUtil.contains(uploadFileBean.getPath(), "../")||StrUtil.contains(uploadFileBean.getPath(), "..\\")) {
throw new RuntimeException("文件名包含非法字符");
}
InputStream in = null;
OutputStream out = null;
try {
//设置文件MIME类型
response.setContentType("application/form-data;charset=utf-8");
String filename = name + ".doc";
String downloadFileName = new String(filename.getBytes("gbk"), "ISO8859-1");
String agent = (String) request.getHeader("USER-AGENT");
if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) {
downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(filename.getBytes("UTF-8")))) + "?=";
}
//设置Content-Disposition
response.setHeader("Content-Disposition", "attachment; filename=" + downloadFileName);
//获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR + uploadFileBean.getPath();
if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")){
throw new RuntimeException("文件名包含非法字符");
}
//读取文件
in = new FileInputStream(fullFileName);
out = response.getOutputStream();
//写文件
int b;
while ((b = in.read()) != -1) {
out.write(b);
}
} catch (Exception e) {
// TODO: handle exception
} finally {
IOUtils.closeQuietly(in);
IOUtils.closeQuietly(out);
}
// sb.append("</tbody></table>");
//
// UploadFileBean uploadFileBean = Html2File.convertHtml2Word(sb.toString());
// if (StrUtil.contains(uploadFileBean.getPath(), "../")||StrUtil.contains(uploadFileBean.getPath(), "..\\")) {
// throw new RuntimeException("文件名包含非法字符");
// }
// InputStream in = null;
// OutputStream out = null;
// try {
//
// //设置文件MIME类型
// response.setContentType("application/form-data;charset=utf-8");
// String filename = name + ".doc";
// String downloadFileName = new String(filename.getBytes("gbk"), "ISO8859-1");
// String agent = (String) request.getHeader("USER-AGENT");
// if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) {
// downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(filename.getBytes("UTF-8")))) + "?=";
// }
// //设置Content-Disposition
// response.setHeader("Content-Disposition", "attachment; filename=" + downloadFileName);
// //获取目标文件的绝对路径
// String fullFileName = GConstants.FILE_UPLOAD_DIR + uploadFileBean.getPath();
// if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")){
// throw new RuntimeException("文件名包含非法字符");
//
// }
// //读取文件
// in = new FileInputStream(fullFileName);
// out = response.getOutputStream();
//
// //写文件
// int b;
// while ((b = in.read()) != -1) {
// out.write(b);
// }
// } catch (Exception e) {
// // TODO: handle exception
// } finally {
// IOUtils.closeQuietly(in);
// IOUtils.closeQuietly(out);
// }
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment