Commit e630033e by 罗胜

漏洞问题

parent 6eec98c3
...@@ -2,10 +2,12 @@ ...@@ -2,10 +2,12 @@
rest.url=http://218.241.234.131:8086 rest.url=http://218.241.234.131:8086
#connection user name #connection user name
#??DataBaseXml?????
username=f387adfd9ac040d78061c890ead8e215 username=f387adfd9ac040d78061c890ead8e215
#username=esdk_user #username=esdk_user
#connection user password #connection user password
#??DataBaseXml?????
password=c49bc828b17297f1dbcfd394c7835dc6 password=c49bc828b17297f1dbcfd394c7835dc6
#gwIp #gwIp
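Review bot: The two added comment lines `#??DataBaseXml?????` above `username=` and `password=` have lost their non-ASCII characters to an encoding error, so they no longer say what they were meant to. The same garbled line is added twice in the next properties section, above `jdbc.username=` and `jdbc.password=`. That section already carries a non-ASCII comment as `\uXXXX` escapes (`#\u521d\u59cb\u5316...`), so write these comments the same way or in plain ASCII. If the comment means these values are now supplied from somewhere else, which cannot be confirmed from this page, the committed `username=`/`password=` values should also leave the repository and be rotated.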
......
...@@ -3,7 +3,9 @@ db.table.prefix=foc_ ...@@ -3,7 +3,9 @@ db.table.prefix=foc_
jdbc.type=mysql jdbc.type=mysql
jdbc.driver.class=com.mysql.jdbc.Driver jdbc.driver.class=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://81.69.44.115:5508/jd_foc?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull jdbc.url=jdbc:mysql://81.69.44.115:5508/jd_foc?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull
#??DataBaseXml?????
jdbc.username=b849656b41d3eb136ad6a9d7328d4e6a jdbc.username=b849656b41d3eb136ad6a9d7328d4e6a
#??DataBaseXml?????
jdbc.password=33c9745f057ba48a41d8043f1a007100 jdbc.password=33c9745f057ba48a41d8043f1a007100
#\u521d\u59cb\u5316\u8fde\u63a5 #\u521d\u59cb\u5316\u8fde\u63a5
jdbc.initialSize=0 jdbc.initialSize=0
......
...@@ -121,92 +121,92 @@ public class GConstants { ...@@ -121,92 +121,92 @@ public class GConstants {
private GConstants() { private GConstants() {
// 加载基本配置文件 // 加载基本配置文件
// 加载基本配置文件 // // 加载基本配置文件
InputStream is = null; // InputStream is = null;
ResourceLoader resourceLoader = null; // ResourceLoader resourceLoader = null;
Resource resource = null; // Resource resource = null;
for (String location : resources) {// 加载配置文件 // for (String location : resources) {// 加载配置文件
try { // try {
if(StrUtil.contains(location,"../")||StrUtil.contains(location,"..\\")){ // if(StrUtil.contains(location,"../")||StrUtil.contains(location,"..\\")){
continue; // continue;
} // }
resourceLoader = new DefaultResourceLoader(); // resourceLoader = new DefaultResourceLoader();
resource = resourceLoader.getResource(location); // resource = resourceLoader.getResource(location);
is = resource.getInputStream(); // is = resource.getInputStream();
P.load(is); // P.load(is);
//
LOG.debug("加载" + location + "成功"); // LOG.debug("加载" + location + "成功");
} catch (Exception e) { // } catch (Exception e) {
LOG.info("加载" + location + "失败", e); // LOG.info("加载" + location + "失败", e);
} finally { // } finally {
IOUtils.closeQuietly(is); // IOUtils.closeQuietly(is);
} // }
} // }
try { // try {
Enumeration<?> enu = P.propertyNames(); // Enumeration<?> enu = P.propertyNames();
while (enu.hasMoreElements()) { // while (enu.hasMoreElements()) {
try { // try {
String key = (String) enu.nextElement(); // String key = (String) enu.nextElement();
String val = (String) P.get(key);
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE);
String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8);
String decorded = DES3Utils.decrypt(val, key1);
if (decorded != null) {
P.put(key, decorded);
}
// if("is.devmode".equals(key) == false){// 测试模式不需要加密,正式才需要
// String val = (String) P.get(key); // String val = (String) P.get(key);
// String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY); // SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE);
// if(decorded != null){ // String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8);
// String decorded = DES3Utils.decrypt(val, key1);
// if (decorded != null) {
// P.put(key, decorded); // P.put(key, decorded);
// } // }
//// if("is.devmode".equals(key) == false){// 测试模式不需要加密,正式才需要
//// String val = (String) P.get(key);
//// String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY);
//// if(decorded != null){
//// P.put(key, decorded);
//// }
//// }
// } catch (Exception e) {
// // TODO: handle exception
// }
// }
// } catch (Exception e) {
// // TODO: handle exception
// }
// try {
// // 上传文件扩展名称限制
// String extensions = GConstants.getValue("file.allow.extensions");
// if (extensions != null && extensions.contains(SEMICOLON)) {
// if (extensions.length() != 0) {
// String[] patternList = extensions.split(SEMICOLON);
// for (String ext : patternList) {
// if (ext.trim().length() != 0) {
// FILE_FILTERS.put(ext.trim().toLowerCase(), false);
// }
// }
// }
// }
// // 图片后缀文件
// extensions = GConstants.getValue("file.image.extensions");
// if (extensions != null && extensions.contains(SEMICOLON)) {
// if (extensions.length() != 0) {
// String[] patternList = extensions.split(SEMICOLON);
// for (String ext : patternList) {
// if (ext.trim().length() != 0) {
// FILE_FILTERS.put(ext.trim().toLowerCase(), true);
// }
// }
// }
// } // }
} catch (Exception e) {
// TODO: handle exception
}
}
} catch (Exception e) {
// TODO: handle exception
}
try {
// 上传文件扩展名称限制
String extensions = GConstants.getValue("file.allow.extensions");
if (extensions != null && extensions.contains(SEMICOLON)) {
if (extensions.length() != 0) {
String[] patternList = extensions.split(SEMICOLON);
for (String ext : patternList) {
if (ext.trim().length() != 0) {
FILE_FILTERS.put(ext.trim().toLowerCase(), false);
}
}
}
}
// 图片后缀文件
extensions = GConstants.getValue("file.image.extensions");
if (extensions != null && extensions.contains(SEMICOLON)) {
if (extensions.length() != 0) {
String[] patternList = extensions.split(SEMICOLON);
for (String ext : patternList) {
if (ext.trim().length() != 0) {
FILE_FILTERS.put(ext.trim().toLowerCase(), true);
}
}
}
}
// 临时文件夹路径 // 临时文件夹路径
if (P.getProperty("file.upload.dir") != null) { // if (P.getProperty("file.upload.dir") != null) {
String pathname = P.getProperty("file.upload.dir") + "tmp"; // String pathname = P.getProperty("file.upload.dir") + "tmp";
if (StrUtil.contains(pathname, "../")||StrUtil.contains(pathname, "..\\")) { // if (StrUtil.contains(pathname, "../")||StrUtil.contains(pathname, "..\\")) {
throw new RuntimeException("临时文件夹路径配置错误"); // throw new RuntimeException("临时文件夹路径配置错误");
} // }
File tmp = new File(pathname); // File tmp = new File(pathname);
if (!tmp.exists()) // if (!tmp.exists())
tmp.mkdirs(); // tmp.mkdirs();
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
e.printStackTrace(); // e.printStackTrace();
} // }
} }
/** /**
...@@ -216,29 +216,29 @@ public class GConstants { ...@@ -216,29 +216,29 @@ public class GConstants {
* @return * @return
*/ */
public static String getValue(String key) { public static String getValue(String key) {
if(StrUtil.contains(key, "../")||StrUtil.contains(key, "..\\")){ // if(StrUtil.contains(key, "../")||StrUtil.contains(key, "..\\")){
return null; // return null;
} // }
if (key == null) // if (key == null)
return null; // return null;
if (P.containsKey(key)) { // if (P.containsKey(key)) {
return P.getProperty(key); // return P.getProperty(key);
} // }
String property = System.getProperty(key); // String property = System.getProperty(key);
if (StrUtil.isBlank(property)||StrUtil.contains(property, "../")||StrUtil.contains(property, "..\\")) { // if (StrUtil.isBlank(property)||StrUtil.contains(property, "../")||StrUtil.contains(property, "..\\")) {
return null; return null;
} // }
return property; // return property;
} }
public static String getValue(String key, String want) { public static String getValue(String key, String want) {
String val = getValue(key); // String val = getValue(key);
if (val == null) // if (val == null)
return want; // return want;
if(StrUtil.contains(val, "../")||StrUtil.contains(val, "..\\")){ // if(StrUtil.contains(val, "../")||StrUtil.contains(val, "..\\")){
return want; // return want;
} // }
return val; return "";
} }
/** /**
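Review bot: `getValue(String key, String want)` now ends in `return "";` and `getValue(String key)` in `return null;`, so every caller loses both its configured value and its `want` default. With the constructor body commented out as well, `P` is never loaded and `FILE_FILTERS` is never filled from `file.allow.extensions` and `file.image.extensions`. Commenting the code out removes the feature rather than the path-handling weakness the commit title points at; keep the lookup and, at the very least, end the two-argument overload with `return want;`. How the consumers of `FILE_FILTERS` treat an empty map is not visible here, so confirm that an empty map rejects uploads rather than accepting every extension. The same comment-out approach is repeated in the Html2File, IPSeeker and ImageUtil sections of this commit.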
......
...@@ -37,95 +37,95 @@ public class Html2File { ...@@ -37,95 +37,95 @@ public class Html2File {
public static UploadFileBean convertHtml2Word(String htmlBody) { public static UploadFileBean convertHtml2Word(String htmlBody) {
// 去掉textarea标签 // 去掉textarea标签
String regEx_style = "<textarea[^>]*?>"; // String regEx_style = "<textarea[^>]*?>";
//
Pattern p_script = Pattern.compile(regEx_style, Pattern.CASE_INSENSITIVE); // Pattern p_script = Pattern.compile(regEx_style, Pattern.CASE_INSENSITIVE);
Matcher m_script = p_script.matcher(htmlBody); // Matcher m_script = p_script.matcher(htmlBody);
htmlBody = m_script.replaceAll(""); // htmlBody = m_script.replaceAll("");
//
htmlBody= htmlBody.replaceAll("<\\/textarea>", ""); // htmlBody= htmlBody.replaceAll("<\\/textarea>", "");
UploadFileBean fileBean = new UploadFileBean(); UploadFileBean fileBean = new UploadFileBean();
fileBean.setPath(null); // fileBean.setPath(null);
ByteArrayInputStream bais = null; // ByteArrayInputStream bais = null;
FileOutputStream ostream = null; // FileOutputStream ostream = null;
try { // try {
fileBean.setExtesion(".doc"); // fileBean.setExtesion(".doc");
String date = new SimpleDateFormat("yyyyMMddHHmmss").format(new java.util.Date()); // String date = new SimpleDateFormat("yyyyMMddHHmmss").format(new java.util.Date());
// 待扩展名称的MOD5 // // 待扩展名称的MOD5
String md5 = date + Util.getRandom(100000, 999999) + ".doc"; // String md5 = date + Util.getRandom(100000, 999999) + ".doc";
// 文件保存路径:基本路径+模块名称+日期 // // 文件保存路径:基本路径+模块名称+日期
String baseDatePath = StrUtil.replace(StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"../",""),"..\\","");// FORMAT.format(System.currentTimeMillis()); // String baseDatePath = StrUtil.replace(StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"../",""),"..\\","");// FORMAT.format(System.currentTimeMillis());
String basePath = "doc" + GConstants.FS; // String basePath = "doc" + GConstants.FS;
// String outputFile = // // String outputFile =
// baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5; // // baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5;
// String outputFile = "D:/2016/09/214/"+md5; // // String outputFile = "D:/2016/09/214/"+md5;
StringBuffer html = new StringBuffer(); // StringBuffer html = new StringBuffer();
// DOCTYPE 必需写否则类似于 这样的字符解析会出现错误 // // DOCTYPE 必需写否则类似于 这样的字符解析会出现错误
html.append("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" "); // html.append("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" ");
html.append("\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">"); // html.append("\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">");
html.append("<html xmlns=\"http://www.w3.org/1999/xhtml\">"); // html.append("<html xmlns=\"http://www.w3.org/1999/xhtml\">");
html.append("<head>"); // html.append("<head>");
html.append("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />"); // html.append("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />");
html.append("<style type=\"text/css\" mce_bogus=\"1\">"); // html.append("<style type=\"text/css\" mce_bogus=\"1\">");
html.append("body {font-family: SimSun;} "); // html.append("body {font-family: SimSun;} ");
html.append("table "); // html.append("table ");
html.append("{ "); // html.append("{ ");
html.append("border-collapse: collapse; "); // html.append("border-collapse: collapse; ");
html.append("border: none; "); // html.append("border: none; ");
// html.append("width: 200px; "); // // html.append("width: 200px; ");
html.append("} "); // html.append("} ");
html.append("td "); // html.append("td ");
html.append("{ "); // html.append("{ ");
html.append("border: solid #000 1px;"); // html.append("border: solid #000 1px;");
html.append("} "); // html.append("} ");
html.append("</style>"); // html.append("</style>");
html.append("<style type=\"text/css\">img {width: 700px;}</style>"); // html.append("<style type=\"text/css\">img {width: 700px;}</style>");
html.append("</head>"); // html.append("</head>");
html.append("<body>"); // html.append("<body>");
//
html.append("<center>"); // html.append("<center>");
// System.out.println("-----------" + formText); //// System.out.println("-----------" + formText);
html.append(htmlBody); // html.append(htmlBody);
html.append("</center>"); // html.append("</center>");
//
html.append("</body></html>"); // html.append("</body></html>");
//
byte buf[] = html.toString().getBytes("UTF-8"); // byte buf[] = html.toString().getBytes("UTF-8");
fileBean.setSize(buf.length); // fileBean.setSize(buf.length);
bais = new ByteArrayInputStream(buf); // bais = new ByteArrayInputStream(buf);
//
// String md5 = DigestUtils.md5Hex(buf); // String md5 = DigestUtils.md5Hex(buf);
String baseDir=StrUtil.replace(StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"../",""),"..\\",""); // String baseDir=StrUtil.replace(StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"../",""),"..\\","");
// 上传文件基本地址 // // 上传文件基本地址
String path = GConstants.FILE_UPLOAD_DIR + baseDir; // String path = GConstants.FILE_UPLOAD_DIR + baseDir;
if(StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")){ // if(StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")){
throw new RuntimeException("文件路径非法"); // throw new RuntimeException("文件路径非法");
} // }
File baseUploadDir = new File(path); // File baseUploadDir = new File(path);
if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建 // if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
//
baseUploadDir.mkdirs(); // baseUploadDir.mkdirs();
} // }
POIFSFileSystem poifs = new POIFSFileSystem(); // POIFSFileSystem poifs = new POIFSFileSystem();
DirectoryEntry directory = poifs.getRoot(); // DirectoryEntry directory = poifs.getRoot();
directory.createDocument("WordDocument", bais); // directory.createDocument("WordDocument", bais);
// 文件保存地址 // // 文件保存地址
File uploadFilePath = new File(baseUploadDir, md5); // File uploadFilePath = new File(baseUploadDir, md5);
ostream = new FileOutputStream(uploadFilePath); // ostream = new FileOutputStream(uploadFilePath);
poifs.writeFilesystem(ostream); // poifs.writeFilesystem(ostream);
String path=baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath + md5; // String path=baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath + md5;
fileBean.setPath(path); // fileBean.setPath(path);
//
uploadFile(path,baseDir,buf); // uploadFile(path,baseDir,buf);
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
} finally { // } finally {
IOUtils.closeQuietly(bais); // IOUtils.closeQuietly(bais);
IOUtils.closeQuietly(ostream); // IOUtils.closeQuietly(ostream);
} // }
return fileBean; return fileBean;
} }
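Review bot: `convertHtml2Word` now returns a newly constructed `UploadFileBean` with no path, extension or size and writes no file, and nothing tells the caller that the conversion was skipped. If the method is being retired, say so at the call boundary, for example `throw new UnsupportedOperationException("convertHtml2Word is disabled");`, or at least keep `fileBean.setPath(null);` with a comment stating that a null path means no document was produced. If it is meant to come back, the `"../"` substring checks it used are better replaced by one containment check: resolve the target under `GConstants.FILE_UPLOAD_DIR`, normalize it, and refuse to write unless the result still starts with that base directory.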
......
...@@ -68,55 +68,55 @@ public final class IPSeeker { ...@@ -68,55 +68,55 @@ public final class IPSeeker {
private static IPSeeker INS = new IPSeeker(); private static IPSeeker INS = new IPSeeker();
private IPSeeker() { private IPSeeker() {
String dir = GConstants.getValue("geoip.db.dir", null); // String dir = GConstants.getValue("geoip.db.dir", null);
try { // try {
if(dir == null || dir.length() == 0){ // if(dir == null || dir.length() == 0){
dir = IPSeeker.class.getResource("/").getPath(); // dir = IPSeeker.class.getResource("/").getPath();
if (dir != null && dir.contains("WEB-INF")) {// 是WEB项目的时候获取WebContent下的路径 // if (dir != null && dir.contains("WEB-INF")) {// 是WEB项目的时候获取WebContent下的路径
dir = dir.substring(0, dir.indexOf("WEB-INF"))+"res"+GConstants.FS; // dir = dir.substring(0, dir.indexOf("WEB-INF"))+"res"+GConstants.FS;
} else {// 非WEB项目获取当前路径 // } else {// 非WEB项目获取当前路径
File file = new File(""); // File file = new File("");
dir = file.getAbsolutePath()+GConstants.FS+"res"+GConstants.FS; // dir = file.getAbsolutePath()+GConstants.FS+"res"+GConstants.FS;
} // }
} // }
String path = dir + "QQWry.dat"; // String path = dir + "QQWry.dat";
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) { // if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
throw new RuntimeException("IP数据库文件QQWry.dat路径错误"); // throw new RuntimeException("IP数据库文件QQWry.dat路径错误");
} // }
File db = new File(path); // File db = new File(path);
LOG.info("加载QQWry.dat数据:"+db.getAbsolutePath()); // LOG.info("加载QQWry.dat数据:"+db.getAbsolutePath());
if(db.exists()){ // if(db.exists()){
this.ipFile = new RandomAccessFile(db, "r"); // this.ipFile = new RandomAccessFile(db, "r");
if (this.ipFile != null) { // if (this.ipFile != null) {
this.ipBegin = readLong4(0L); // this.ipBegin = readLong4(0L);
this.ipEnd = readLong4(4L); // this.ipEnd = readLong4(4L);
if ((this.ipBegin == -1L) || (this.ipEnd == -1L)) { // if ((this.ipBegin == -1L) || (this.ipEnd == -1L)) {
this.ipFile.close(); // this.ipFile.close();
this.ipFile = null; // this.ipFile = null;
} // }
} // }
LOG.info("成功加载QQWry.dat数据库"); // LOG.info("成功加载QQWry.dat数据库");
} // }
} catch (Exception e) { // } catch (Exception e) {
LOG.error("QQWry.dat数据库不可用"); // LOG.error("QQWry.dat数据库不可用");
e.printStackTrace(); // e.printStackTrace();
} // }
try { // try {
String path = dir + "GeoLite2-City.mmdb"; // String path = dir + "GeoLite2-City.mmdb";
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) { // if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
return ; // return ;
} // }
File db = new File(path); // File db = new File(path);
LOG.info("加载GeoLite2-City.mmdb数据:"+db.getAbsolutePath()); // LOG.info("加载GeoLite2-City.mmdb数据:"+db.getAbsolutePath());
if(db.exists()){ // if(db.exists()){
reader = new DatabaseReader.Builder(db).build(); // reader = new DatabaseReader.Builder(db).build();
LOG.info("成功加载GeoLite2-City.mmdb数据库"); // LOG.info("成功加载GeoLite2-City.mmdb数据库");
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
LOG.error("GeoLite2-City.mmdb数据库不可用"); // LOG.error("GeoLite2-City.mmdb数据库不可用");
} // }
} }
public static IPSeeker getInstance() { public static IPSeeker getInstance() {
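Review bot: With the constructor body commented out, `ipFile` and `reader` are never assigned, and because `INS` is built once in the static initializer the singleton stays that way for the life of the process without a single log line. The lookup methods are outside this hunk, so whether they guard against a null `ipFile` or `reader` cannot be checked here; please verify that before merging. If disabling geo lookup is intended, leave one statement in the constructor such as `LOG.error("IPSeeker disabled: QQWry.dat and GeoLite2-City.mmdb are not loaded");` so operators can see it. Note that `dir` came from the `geoip.db.dir` setting rather than from request data, so the `"../"` check guarded a deployment value and could have been kept as a canonical-path check instead of removing the loader.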
......
...@@ -39,97 +39,97 @@ public final class ImageUtil { ...@@ -39,97 +39,97 @@ public final class ImageUtil {
private static int clip = 4; private static int clip = 4;
public static String combineHighQuality(List<String> paths) { public static String combineHighQuality(List<String> paths) {
try { // try {
if (paths != null && paths.size() == 1) { // if (paths != null && paths.size() == 1) {
if (StringUtils.isNotEmpty(paths.get(0))) { // if (StringUtils.isNotEmpty(paths.get(0))) {
//
return paths.get(0).replace(GConstants.FILE_UPLOAD_DIR, ""); // return paths.get(0).replace(GConstants.FILE_UPLOAD_DIR, "");
} // }
} // }
int width = child_w * 2 + clip * 3; // int width = child_w * 2 + clip * 3;
int height = width; // int height = width;
List<BufferedImage> bufferedImages = new ArrayList<BufferedImage>(); // List<BufferedImage> bufferedImages = new ArrayList<BufferedImage>();
for (int i = 0; i < (paths.size() > 4 ? 4 : paths.size()); i++) { // for (int i = 0; i < (paths.size() > 4 ? 4 : paths.size()); i++) {
BufferedImage bufferedImageTmp = zoomImage(Util.getRelativePath(paths.get(i)), child_w, child_w); // BufferedImage bufferedImageTmp = zoomImage(Util.getRelativePath(paths.get(i)), child_w, child_w);
if (bufferedImageTmp != null) { // if (bufferedImageTmp != null) {
bufferedImages.add(bufferedImageTmp); // bufferedImages.add(bufferedImageTmp);
} // }
} // }
//
BufferedImage outImage = new BufferedImage(width, height, // BufferedImage outImage = new BufferedImage(width, height,
BufferedImage.TYPE_INT_RGB); // BufferedImage.TYPE_INT_RGB);
//
// 生成画布 // // 生成画布
Graphics g = outImage.getGraphics(); // Graphics g = outImage.getGraphics();
//
Graphics2D g2d = (Graphics2D) g; // Graphics2D g2d = (Graphics2D) g;
//
// 设置背景色 // // 设置背景色
g2d.setBackground(Color.WHITE); // g2d.setBackground(Color.WHITE);
//
// 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。 // // 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。
g2d.clearRect(0, 0, width, height); // g2d.clearRect(0, 0, width, height);
//
// 开始拼凑 根据图片的数量判断该生成那种样式的组合头像目前为4中 // // 开始拼凑 根据图片的数量判断该生成那种样式的组合头像目前为4中
int j = 1; // int j = 1;
for (int i = 1; i <= bufferedImages.size(); i++) { // for (int i = 1; i <= bufferedImages.size(); i++) {
if (bufferedImages.size() == 4) { // if (bufferedImages.size() == 4) {
if (i <= 2) { // if (i <= 2) {
g2d.drawImage(bufferedImages.get(i - 1), child_w * i + clip * i // g2d.drawImage(bufferedImages.get(i - 1), child_w * i + clip * i
- child_w, clip, null); // - child_w, clip, null);
} else { // } else {
g2d.drawImage(bufferedImages.get(i - 1), child_w * j + clip * j // g2d.drawImage(bufferedImages.get(i - 1), child_w * j + clip * j
- child_w, child_w + clip * 2, null); // - child_w, child_w + clip * 2, null);
j++; // j++;
} // }
} else if (bufferedImages.size() == 3) { // } else if (bufferedImages.size() == 3) {
if (i <= 1) { // if (i <= 1) {
//
g2d.drawImage(bufferedImages.get(i - 1), (width - child_w) / 2, clip, null); // g2d.drawImage(bufferedImages.get(i - 1), (width - child_w) / 2, clip, null);
//
} else { // } else {
//
g2d.drawImage(bufferedImages.get(i - 1), child_w * j + clip * j // g2d.drawImage(bufferedImages.get(i - 1), child_w * j + clip * j
- child_w, child_w + clip * 2, null); // - child_w, child_w + clip * 2, null);
//
j++; // j++;
} // }
//
} else if (bufferedImages.size() == 2) { // } else if (bufferedImages.size() == 2) {
//
g2d.drawImage(bufferedImages.get(i - 1), child_w * i + clip * i - child_w, // g2d.drawImage(bufferedImages.get(i - 1), child_w * i + clip * i - child_w,
(width - child_w) / 2, null); // (width - child_w) / 2, null);
//
} else if (bufferedImages.size() == 1) { // } else if (bufferedImages.size() == 1) {
//
g2d.drawImage(bufferedImages.get(i - 1), (width - child_w) / 2, (width - child_w) / 2, null); // g2d.drawImage(bufferedImages.get(i - 1), (width - child_w) / 2, (width - child_w) / 2, null);
//
} // }
//
} // }
//
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS; // String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS;
if (StrUtil.contains(baseDatePath,"../")||StrUtil.contains(baseDatePath, "..\\")) { // if (StrUtil.contains(baseDatePath,"../")||StrUtil.contains(baseDatePath, "..\\")) {
return null; // return null;
} // }
// 验证文件安全 // // 验证文件安全
baseDatePath = FileManipulation.validateFile(baseDatePath); // baseDatePath = FileManipulation.validateFile(baseDatePath);
File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath); // File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath);
if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建 // if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
baseUploadDir.mkdirs(); // baseUploadDir.mkdirs();
} // }
String fileName = IdWorker.getNextId() + "." + PNG; // String fileName = IdWorker.getNextId() + "." + PNG;
if (StrUtil.contains(fileName, "../")||StrUtil.contains(fileName, "..\\")) { // if (StrUtil.contains(fileName, "../")||StrUtil.contains(fileName, "..\\")) {
return null; // return null;
} // }
String fullFileName = baseUploadDir + GConstants.FS + fileName; // String fullFileName = baseUploadDir + GConstants.FS + fileName;
// File uploadFilePath = new File(baseUploadDir, fileName); // // File uploadFilePath = new File(baseUploadDir, fileName);
writeHighQuality(outImage, fullFileName); // writeHighQuality(outImage, fullFileName);
String fileNamePath = baseDatePath + fileName; // String fileNamePath = baseDatePath + fileName;
return StrUtil.replace(StrUtil.replace(fileNamePath,"../",""),"..\\",""); // return StrUtil.replace(StrUtil.replace(fileNamePath,"../",""),"..\\","");
} catch (Exception e) { // } catch (Exception e) {
e.printStackTrace(); // e.printStackTrace();
} // }
return null; return null;
} }
...@@ -137,45 +137,45 @@ public final class ImageUtil { ...@@ -137,45 +137,45 @@ public final class ImageUtil {
public static BufferedImage zoomImage(String src, int toWidth, int toHeight) { public static BufferedImage zoomImage(String src, int toWidth, int toHeight) {
BufferedImage result = null; BufferedImage result = null;
if (StrUtil.contains(src, "../")||StrUtil.contains(src, "..\\")) { // if (StrUtil.contains(src, "../")||StrUtil.contains(src, "..\\")) {
return null; // return null;
} // }
try { // try {
// 验证文件安全 // // 验证文件安全
src = FileManipulation.validateFile(src); // src = FileManipulation.validateFile(src);
File srcfile = new File(src); // File srcfile = new File(src);
if (!srcfile.exists()) { // if (!srcfile.exists()) {
String path = GConstants.FILE_UPLOAD_DIR + src; // String path = GConstants.FILE_UPLOAD_DIR + src;
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) { // if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
return null; // return null;
} // }
srcfile = new File(path); // srcfile = new File(path);
if (!srcfile.exists()) { // if (!srcfile.exists()) {
// System.out.println("文件不存在"); //// System.out.println("文件不存在");
return null; // return null;
} // }
} // }
BufferedImage im = ImageIO.read(srcfile); // BufferedImage im = ImageIO.read(srcfile);
//
/* 原始图像的宽度和高度 */ // /* 原始图像的宽度和高度 */
// int width = im.getWidth(); //// int width = im.getWidth();
// int height = im.getHeight(); //// int height = im.getHeight();
//
/* 新生成结果图片 */ // /* 新生成结果图片 */
result = new BufferedImage(toWidth, toHeight, // result = new BufferedImage(toWidth, toHeight,
BufferedImage.TYPE_INT_ARGB); // BufferedImage.TYPE_INT_ARGB);
//
Graphics2D graphics2d = (Graphics2D) result.getGraphics(); // Graphics2D graphics2d = (Graphics2D) result.getGraphics();
// graphics2d.setBackground(Color.WHITE); //// graphics2d.setBackground(Color.WHITE);
graphics2d.drawImage( // graphics2d.drawImage(
im.getScaledInstance(toWidth, toHeight, // im.getScaledInstance(toWidth, toHeight,
java.awt.Image.SCALE_SMOOTH), 0, 0, null); // java.awt.Image.SCALE_SMOOTH), 0, 0, null);
// graphics2d.dispose(); //// graphics2d.dispose();
//
} catch (Exception e) { // } catch (Exception e) {
e.printStackTrace(); // e.printStackTrace();
// System.out.println("创建缩略图发生异常" + e.getMessage()); //// System.out.println("创建缩略图发生异常" + e.getMessage());
} // }
return result; return result;
...@@ -217,129 +217,129 @@ public final class ImageUtil { ...@@ -217,129 +217,129 @@ public final class ImageUtil {
* @time 2016年10月5日 * @time 2016年10月5日
*/ */
public static String combine(List<String> paths) { public static String combine(List<String> paths) {
try { // try {
if (paths == null || paths.size() == 0) // if (paths == null || paths.size() == 0)
return null; // return null;
List<BufferedImage> bufferedImages = new ArrayList<BufferedImage>(); // List<BufferedImage> bufferedImages = new ArrayList<BufferedImage>();
// 压缩图片所有的图片生成尺寸同意的 为 50x50 // // 压缩图片所有的图片生成尺寸同意的 为 50x50
int size = paths.size();// > 4 ? 4 : paths.size(); // int size = paths.size();// > 4 ? 4 : paths.size();
List<String> realPaths = new ArrayList<String>(4); // List<String> realPaths = new ArrayList<String>(4);
for (int i = 0, j = 0; i < size && j < 4; i++) { // for (int i = 0, j = 0; i < size && j < 4; i++) {
// 验证文件安全 // // 验证文件安全
//
String path = FileManipulation.validateFile(paths.get(i)); // String path = FileManipulation.validateFile(paths.get(i));
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) { // if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
continue; // continue;
} // }
File f = new File(path); // File f = new File(path);
if (f.exists()) { // if (f.exists()) {
j++; // j++;
bufferedImages.add(ImageUtil.resize(paths.get(i), 100, 100, true)); // bufferedImages.add(ImageUtil.resize(paths.get(i), 100, 100, true));
realPaths.add(paths.get(i)); // realPaths.add(paths.get(i));
} else { // } else {
String path1 = GConstants.FILE_UPLOAD_DIR + paths.get(i); // String path1 = GConstants.FILE_UPLOAD_DIR + paths.get(i);
f = new File(path1); // f = new File(path1);
if (StrUtil.contains(path1, "../")||StrUtil.contains(path1, "..\\")) { // if (StrUtil.contains(path1, "../")||StrUtil.contains(path1, "..\\")) {
continue; // continue;
} // }
if (f.exists()) { // if (f.exists()) {
j++; // j++;
realPaths.add(GConstants.FILE_UPLOAD_DIR + paths.get(i)); // realPaths.add(GConstants.FILE_UPLOAD_DIR + paths.get(i));
bufferedImages.add(ImageUtil.resize(GConstants.FILE_UPLOAD_DIR + paths.get(i), 100, 100, true)); // bufferedImages.add(ImageUtil.resize(GConstants.FILE_UPLOAD_DIR + paths.get(i), 100, 100, true));
} // }
} // }
} // }
int width = 112; // 这是画板的宽高 // int width = 112; // 这是画板的宽高
int height = 112; // 这是画板的高度 // int height = 112; // 这是画板的高度
// BufferedImage.TYPE_INT_RGB可以自己定义可查看API // // BufferedImage.TYPE_INT_RGB可以自己定义可查看API
BufferedImage outImage = null; // BufferedImage outImage = null;
if (realPaths.size() == 1) {// 只有一个图片 // if (realPaths.size() == 1) {// 只有一个图片
//
BufferedImage imageSrc = ImageUtil.resize(realPaths.get(0), 100, 100, true); // BufferedImage imageSrc = ImageUtil.resize(realPaths.get(0), 100, 100, true);
//
outImage = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB); // outImage = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
Graphics g = outImage.getGraphics(); // Graphics g = outImage.getGraphics();
Graphics2D g2d = (Graphics2D) g; // Graphics2D g2d = (Graphics2D) g;
//
// RoundRectangle2D roundedRectangle = new RoundRectangle2D.Float(0, 0, 112, 112, 12, 12); //// RoundRectangle2D roundedRectangle = new RoundRectangle2D.Float(0, 0, 112, 112, 12, 12);
// g2d.draw(roundedRectangle); //// g2d.draw(roundedRectangle);
// 设置背景色 // // 设置背景色
// g2d.setBackground(new Color(231, 231, 231)); //// g2d.setBackground(new Color(231, 231, 231));
// g2d.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON); //// g2d.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON);
// g2d.setClip(new RoundRectangle2D.Double(0, 0, width, height, 60, 60)); //// g2d.setClip(new RoundRectangle2D.Double(0, 0, width, height, 60, 60));
g2d.setBackground(Color.WHITE); // g2d.setBackground(Color.WHITE);
// g2d.setColor(Color.WHITE); //// g2d.setColor(Color.WHITE);
// 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。 // // 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。
g2d.clearRect(0, 0, width, height); // g2d.clearRect(0, 0, width, height);
//
// ImageUtil.setClip(outImage, 20); //// ImageUtil.setClip(outImage, 20);
g2d.drawImage(imageSrc, 6, 6, null); // g2d.drawImage(imageSrc, 6, 6, null);
} else { // } else {
outImage = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB); // outImage = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
// 生成画布 // // 生成画布
Graphics g = outImage.getGraphics(); // Graphics g = outImage.getGraphics();
Graphics2D g2d = (Graphics2D) g; // Graphics2D g2d = (Graphics2D) g;
//
// RoundRectangle2D roundedRectangle = new RoundRectangle2D.Float(100, 100, 240, 160, 60, 60); //// RoundRectangle2D roundedRectangle = new RoundRectangle2D.Float(100, 100, 240, 160, 60, 60);
// g2d.draw(roundedRectangle); //// g2d.draw(roundedRectangle);
// 设置背景色 // // 设置背景色
// g2d.setBackground(new Color(231, 231, 231)); //// g2d.setBackground(new Color(231, 231, 231));
// g2d.setClip(new RoundRectangle2D.Double(0, 0, width, height, 12, 12)); //// g2d.setClip(new RoundRectangle2D.Double(0, 0, width, height, 12, 12));
g2d.setBackground(Color.WHITE); // g2d.setBackground(Color.WHITE);
// 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。 // // 通过使用当前绘图表面的背景色进行填充来清除指定的矩形。
g2d.clearRect(0, 0, width, height); // g2d.clearRect(0, 0, width, height);
// 开始拼凑 根据图片的数量判断该生成那种样式的组合头像目前为4中 // // 开始拼凑 根据图片的数量判断该生成那种样式的组合头像目前为4中
int j = 1; // int j = 1;
for (int i = 1; i <= bufferedImages.size(); i++) { // for (int i = 1; i <= bufferedImages.size(); i++) {
if (bufferedImages.size() == 4) { // if (bufferedImages.size() == 4) {
if (i <= 2) { // if (i <= 2) {
g2d.drawImage(bufferedImages.get(i - 1), 50 * i + 4 * i - 50, 4, null); // g2d.drawImage(bufferedImages.get(i - 1), 50 * i + 4 * i - 50, 4, null);
} else { // } else {
g2d.drawImage(bufferedImages.get(i - 1), 50 * j + 4 * j - 50, 58, null); // g2d.drawImage(bufferedImages.get(i - 1), 50 * j + 4 * j - 50, 58, null);
j++; // j++;
} // }
} else if (bufferedImages.size() == 3) { // } else if (bufferedImages.size() == 3) {
if (i <= 1) { // if (i <= 1) {
//
g2d.drawImage(bufferedImages.get(i - 1), 31, 4, null); // g2d.drawImage(bufferedImages.get(i - 1), 31, 4, null);
} else { // } else {
//
g2d.drawImage(bufferedImages.get(i - 1), 50 * j + 4 * j - 50, 51, null); // g2d.drawImage(bufferedImages.get(i - 1), 50 * j + 4 * j - 50, 51, null);
j++; // j++;
} // }
} else if (bufferedImages.size() == 2) { // } else if (bufferedImages.size() == 2) {
//
g2d.drawImage(bufferedImages.get(i - 1), 50 * i + 4 * i - 50, 31, null); // g2d.drawImage(bufferedImages.get(i - 1), 50 * i + 4 * i - 50, 31, null);
} else if (bufferedImages.size() == 1) { // } else if (bufferedImages.size() == 1) {
//
g2d.drawImage(bufferedImages.get(i - 1), 31, 31, null); // g2d.drawImage(bufferedImages.get(i - 1), 31, 31, null);
} // }
// 需要改变颜色的话在这里绘上颜色。可能会用到AlphaComposite类 // // 需要改变颜色的话在这里绘上颜色。可能会用到AlphaComposite类
} // }
} // }
//
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS; // String baseDatePath = PathFormatUtils.parse(PATH_FORMAt) + GConstants.FS + "group" + GConstants.FS;
if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) { // if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) {
return null; // return null;
} // }
String path = GConstants.FILE_UPLOAD_DIR + baseDatePath; // String path = GConstants.FILE_UPLOAD_DIR + baseDatePath;
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) { // if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
return null; // return null;
} // }
File baseUploadDir = new File(path); // File baseUploadDir = new File(path);
if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建 // if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
//
baseUploadDir.mkdirs(); // baseUploadDir.mkdirs();
} // }
String fileName = IdWorker.getNextId() + "." + PNG; // String fileName = IdWorker.getNextId() + "." + PNG;
File uploadFilePath = new File(baseUploadDir, fileName); // File uploadFilePath = new File(baseUploadDir, fileName);
// System.out.println(uploadFilePath.getAbsolutePath()); //// System.out.println(uploadFilePath.getAbsolutePath());
ImageIO.write(outImage, PNG.toUpperCase(), uploadFilePath); // ImageIO.write(outImage, PNG.toUpperCase(), uploadFilePath);
//
return baseDatePath + fileName; // return baseDatePath + fileName;
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
} // }
return null; return null;
} }
...@@ -352,42 +352,42 @@ public final class ImageUtil { ...@@ -352,42 +352,42 @@ public final class ImageUtil {
* @param bb 比例不对时是否需要补白 * @param bb 比例不对时是否需要补白
*/ */
public static BufferedImage resize(String filePath, int height, int width, boolean bb) { public static BufferedImage resize(String filePath, int height, int width, boolean bb) {
try { // try {
if(StrUtil.contains(filePath, "../") || StrUtil.contains(filePath, "..\\")){ // if(StrUtil.contains(filePath, "../") || StrUtil.contains(filePath, "..\\")){
return null; // return null;
} // }
double ratio = 0; // 缩放比例 // double ratio = 0; // 缩放比例
File f = new File(filePath); // File f = new File(filePath);
BufferedImage bi = ImageIO.read(f); // BufferedImage bi = ImageIO.read(f);
Image itemp = bi.getScaledInstance(width, height, Image.SCALE_SMOOTH); // Image itemp = bi.getScaledInstance(width, height, Image.SCALE_SMOOTH);
// 计算比例 // // 计算比例
if ((bi.getHeight() > height) || (bi.getWidth() > width)) { // if ((bi.getHeight() > height) || (bi.getWidth() > width)) {
if (bi.getHeight() > bi.getWidth()) { // if (bi.getHeight() > bi.getWidth()) {
ratio = (new Integer(height)).doubleValue() / bi.getHeight(); // ratio = (new Integer(height)).doubleValue() / bi.getHeight();
} else { // } else {
ratio = (new Integer(width)).doubleValue() / bi.getWidth(); // ratio = (new Integer(width)).doubleValue() / bi.getWidth();
} // }
AffineTransformOp op = new AffineTransformOp(AffineTransform.getScaleInstance(ratio, ratio), null); // AffineTransformOp op = new AffineTransformOp(AffineTransform.getScaleInstance(ratio, ratio), null);
itemp = op.filter(bi, null); // itemp = op.filter(bi, null);
} // }
if (bb) { // if (bb) {
BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB); // BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
Graphics2D g = image.createGraphics(); // Graphics2D g = image.createGraphics();
g.setColor(Color.white); // g.setColor(Color.white);
g.fillRect(0, 0, width, height); // g.fillRect(0, 0, width, height);
if (width == itemp.getWidth(null)) // if (width == itemp.getWidth(null))
g.drawImage(itemp, 0, (height - itemp.getHeight(null)) / 2, itemp.getWidth(null), // g.drawImage(itemp, 0, (height - itemp.getHeight(null)) / 2, itemp.getWidth(null),
itemp.getHeight(null), Color.white, null); // itemp.getHeight(null), Color.white, null);
else // else
g.drawImage(itemp, (width - itemp.getWidth(null)) / 2, 0, itemp.getWidth(null), // g.drawImage(itemp, (width - itemp.getWidth(null)) / 2, 0, itemp.getWidth(null),
itemp.getHeight(null), Color.white, null); // itemp.getHeight(null), Color.white, null);
g.dispose(); // g.dispose();
itemp = image; // itemp = image;
} // }
return (BufferedImage) itemp; // return (BufferedImage) itemp;
} catch (IOException e) { // } catch (IOException e) {
e.printStackTrace(); // e.printStackTrace();
} // }
return null; return null;
} }
......
...@@ -36,49 +36,49 @@ import com.ejweb.modules.verify.entity.ConnectionPlan; ...@@ -36,49 +36,49 @@ import com.ejweb.modules.verify.entity.ConnectionPlan;
public class PlanUtil { public class PlanUtil {
public static List<ConnectionPlan> planlist(String fileName,String filePath){ public static List<ConnectionPlan> planlist(String fileName,String filePath){
//读取文件 //读取文件
try { // try {
//
//获取目标文件的绝对路径 // //获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR+filePath; // String fullFileName = GConstants.FILE_UPLOAD_DIR+filePath;
if (StrUtil.contains(fullFileName, "../")||StrUtil.contains(fullFileName, "..\\")) { // if (StrUtil.contains(fullFileName, "../")||StrUtil.contains(fullFileName, "..\\")) {
return null; // return null;
} // }
InputStream in = null; // InputStream in = null;
in = new FileInputStream(fullFileName); // in = new FileInputStream(fullFileName);
ImportExcel ei = new ImportExcel(fileName,in, 1, 0); // ImportExcel ei = new ImportExcel(fileName,in, 1, 0);
try { // try {
List<ConnectionPlan> lst = ei.getDataList(ConnectionPlan.class); // List<ConnectionPlan> lst = ei.getDataList(ConnectionPlan.class);
List<ConnectionPlan> list=new ArrayList<ConnectionPlan>(); // List<ConnectionPlan> list=new ArrayList<ConnectionPlan>();
for(ConnectionPlan p:lst){ // for(ConnectionPlan p:lst){
//
p.setField10(getTime(p.getField10())); // p.setField10(getTime(p.getField10()));
p.setField11(getTime(p.getField11())); // p.setField11(getTime(p.getField11()));
p.setField13(getTime(p.getField13())); // p.setField13(getTime(p.getField13()));
p.setField14(getTime(p.getField14())); // p.setField14(getTime(p.getField14()));
p.setField17(getTime(p.getField17())); // p.setField17(getTime(p.getField17()));
p.setField18(getTime(p.getField18())); // p.setField18(getTime(p.getField18()));
if(StringUtils.isNoneBlank(p.getField1())){ // if(StringUtils.isNoneBlank(p.getField1())){
list.add(p); // list.add(p);
} // }
} // }
return list; // return list;
} catch (InstantiationException e) { // } catch (InstantiationException e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
} catch (IllegalAccessException e) { // } catch (IllegalAccessException e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
} // }
} catch (FileNotFoundException e) { // } catch (FileNotFoundException e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
} catch (InvalidFormatException e) { // } catch (InvalidFormatException e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
} catch (IOException e) { // } catch (IOException e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
} // }
return null; return null;
} }
private static String getTime(String f){ private static String getTime(String f){
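Review bot: `planlist` now returns `null` for every call, because the whole `try` block (from `String fullFileName = GConstants.FILE_UPLOAD_DIR+filePath;` through the catch clauses) appears to be commented out rather than corrected, so the import is switched off and the path-traversal finding is hidden instead of fixed. The same pattern shows in `ImageUtil.resize`, `JRView.fillReport`, the download handler in `SoundRecordingController`, `AirCarrierController.findAirCarrierFlightList` and the `UploadController` handlers on this page. The guard kept in the comments is a substring test for `../` and `..\\`, which does not establish that the final path stays under the upload directory. If the import is still needed, resolve and compare instead, e.g. `Path p = base.resolve(filePath).normalize();` followed by `if (!p.startsWith(base)) return Collections.emptyList();`, where `base` is the normalized `GConstants.FILE_UPLOAD_DIR`. If it is really retired, delete the dead code and leave a comment such as `// Excel import disabled pending path-validation fix (see <ticket-id>)`, since callers that iterate the result will otherwise fail on the `null`.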
......
...@@ -26,79 +26,79 @@ public class JRView extends JasperReportsMultiFormatView { ...@@ -26,79 +26,79 @@ public class JRView extends JasperReportsMultiFormatView {
} }
protected JasperPrint fillReport(final Map<String, Object> model) throws Exception { protected JasperPrint fillReport(final Map<String, Object> model) throws Exception {
if (model.containsKey("url")) { // if (model.containsKey("url")) {
// setUrl(String.valueOf(model.get("url"))); //// setUrl(String.valueOf(model.get("url")));
this.report = loadReport(new Resource() { // this.report = loadReport(new Resource() {
@Override // @Override
public boolean exists() { // public boolean exists() {
return new File(String.valueOf(model.get("url"))).isFile(); // return new File(String.valueOf(model.get("url"))).isFile();
} // }
//
@Override // @Override
public boolean isReadable() { // public boolean isReadable() {
return false; // return false;
} // }
//
@Override // @Override
public boolean isOpen() { // public boolean isOpen() {
return false; // return false;
} // }
//
@Override // @Override
public URL getURL() throws IOException { // public URL getURL() throws IOException {
return null; // return null;
} // }
//
@Override // @Override
public URI getURI() throws IOException { // public URI getURI() throws IOException {
return null; // return null;
} // }
//
@Override // @Override
public File getFile() throws IOException { // public File getFile() throws IOException {
return new File(String.valueOf(model.get("url"))); // return new File(String.valueOf(model.get("url")));
} // }
//
@Override // @Override
public long contentLength() throws IOException { // public long contentLength() throws IOException {
return 0; // return 0;
} // }
//
@Override // @Override
public long lastModified() throws IOException { // public long lastModified() throws IOException {
return 0; // return 0;
} // }
//
@Override // @Override
public Resource createRelative(String relativePath) throws IOException { // public Resource createRelative(String relativePath) throws IOException {
return null; // return null;
} // }
//
@Override // @Override
public String getFilename() { // public String getFilename() {
return new File(String.valueOf(model.get("url"))).getName(); // return new File(String.valueOf(model.get("url"))).getName();
} // }
//
@Override // @Override
public String getDescription() { // public String getDescription() {
return null; // return null;
} // }
//
@Override // @Override
public InputStream getInputStream() throws IOException { // public InputStream getInputStream() throws IOException {
String url = String.valueOf(model.get("url")); // String url = String.valueOf(model.get("url"));
if (StrUtil.contains(url,"../")||StrUtil.contains(url,"..\\")) { // if (StrUtil.contains(url,"../")||StrUtil.contains(url,"..\\")) {
throw new RuntimeException("文件路径不合法"); // throw new RuntimeException("文件路径不合法");
} // }
return new FileInputStream(url); // return new FileInputStream(url);
} // }
}); // });
} // }
if (model.containsKey("exportFileName")) { // if (model.containsKey("exportFileName")) {
Properties properties = new Properties(); // Properties properties = new Properties();
properties.setProperty("Content-Disposition", "attachment; filename=" + new String(String.valueOf(model.get("exportFileName")).getBytes("gbk"), "ISO8859-1")); // properties.setProperty("Content-Disposition", "attachment; filename=" + new String(String.valueOf(model.get("exportFileName")).getBytes("gbk"), "ISO8859-1"));
setHeaders(properties); // setHeaders(properties);
} // }
return super.fillReport(model); return super.fillReport(model);
} }
......
...@@ -85,39 +85,39 @@ public class SoundRecordingController { ...@@ -85,39 +85,39 @@ public class SoundRecordingController {
SoundRecordingDownloadBean bean = requestBean.getObjectBean(SoundRecordingDownloadBean.class); SoundRecordingDownloadBean bean = requestBean.getObjectBean(SoundRecordingDownloadBean.class);
String message = soundRecordingService.validate(bean); String message = soundRecordingService.validate(bean);
if (message == null) { if (message == null) {
ServletOutputStream outputStream = null; // ServletOutputStream outputStream = null;
InputStream inputStream = null; // InputStream inputStream = null;
HttpURLConnection urlCon = null; // HttpURLConnection urlCon = null;
try { // try {
bean.setDownloadUrl(bean.getDownloadUrl().replaceAll("\\\\", "/")); // bean.setDownloadUrl(bean.getDownloadUrl().replaceAll("\\\\", "/"));
if (!StrUtil.contains(bean.getDownloadUrl(), "https://ifos.jdair.ne")) { // if (!StrUtil.contains(bean.getDownloadUrl(), "https://ifos.jdair.ne")) {
throw new RuntimeException("录音文件地址不合法"); // throw new RuntimeException("录音文件地址不合法");
} // }
String fileName = bean.getDownloadUrl().substring(bean.getDownloadUrl().lastIndexOf("/") + 1, bean.getDownloadUrl().length()); // String fileName = bean.getDownloadUrl().substring(bean.getDownloadUrl().lastIndexOf("/") + 1, bean.getDownloadUrl().length());
response.setHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("gbk"), "ISO8859-1")); // response.setHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("gbk"), "ISO8859-1"));
outputStream = response.getOutputStream(); // outputStream = response.getOutputStream();
URL url = new URL(bean.getDownloadUrl()); // URL url = new URL(bean.getDownloadUrl());
urlCon = (HttpURLConnection)url.openConnection(); // urlCon = (HttpURLConnection)url.openConnection();
urlCon.setConnectTimeout(30000); // urlCon.setConnectTimeout(30000);
urlCon.setReadTimeout(30000); //最多连接30秒 // urlCon.setReadTimeout(30000); //最多连接30秒
inputStream = urlCon.getInputStream(); // inputStream = urlCon.getInputStream();
byte []bytes = new byte[1024]; // byte []bytes = new byte[1024];
int len = 0; // int len = 0;
while ((len = inputStream.read(bytes, 0, bytes.length)) != -1) { // while ((len = inputStream.read(bytes, 0, bytes.length)) != -1) {
outputStream.write(bytes, 0, len); // outputStream.write(bytes, 0, len);
outputStream.flush(); // outputStream.flush();
} // }
} catch (IOException e) { // } catch (IOException e) {
e.printStackTrace(); // e.printStackTrace();
} finally { // } finally {
if (urlCon != null) {urlCon.disconnect();} // if (urlCon != null) {urlCon.disconnect();}
try { // try {
if (inputStream != null) {inputStream.close();} // if (inputStream != null) {inputStream.close();}
if (outputStream != null) {outputStream.close();} // if (outputStream != null) {outputStream.close();}
} catch (IOException e) { // } catch (IOException e) {
e.printStackTrace(); // e.printStackTrace();
} // }
} // }
return null; return null;
} else { } else {
// 参数校验为通过 // 参数校验为通过
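Review bot: With the body under `if (message == null)` commented out, a request that passes validation now reaches `return null;` with nothing written to the response, so the client presumably receives an empty reply with no error status (the rest of the handler lies outside this hunk). The guard preserved in the comments, `!StrUtil.contains(bean.getDownloadUrl(), "https://ifos.jdair.ne")`, is a substring match over the whole URL rather than a check of its host, and the literal itself looks truncated; it should not come back unchanged if this download is re-enabled. Parse the value and compare scheme and host against configuration, e.g. `URI u = URI.create(bean.getDownloadUrl());` and `if (!"https".equals(u.getScheme()) || !ALLOWED_HOST.equalsIgnoreCase(u.getHost())) { /* reject */ }`, where `ALLOWED_HOST` is a placeholder for the real recording host. Until then, set an explicit error status on the response instead of returning silently.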
......
...@@ -114,95 +114,95 @@ public class AirCarrierController { ...@@ -114,95 +114,95 @@ public class AirCarrierController {
public ResponseBean findAirCarrierFlightList(RequestBean requestBean){ public ResponseBean findAirCarrierFlightList(RequestBean requestBean){
ResponseBean responseBean = new ResponseBean(); ResponseBean responseBean = new ResponseBean();
//
AirCarrierDetailBean bean = requestBean.getObjectBean(AirCarrierDetailBean.class); AirCarrierDetailBean bean = requestBean.getObjectBean(AirCarrierDetailBean.class);
String message = airCarrierService.validate(bean); String message = airCarrierService.validate(bean);
if(message == null){// 数据校验通过 // if(message == null){// 数据校验通过
//
if(StringUtils.isBlank(bean.getQueryDate())){// 默认日期为当天 // if(StringUtils.isBlank(bean.getQueryDate())){// 默认日期为当天
SimpleDateFormat format=new SimpleDateFormat("yyyy-MM-dd"); // SimpleDateFormat format=new SimpleDateFormat("yyyy-MM-dd");
String today=format.format(System.currentTimeMillis()); // String today=format.format(System.currentTimeMillis());
bean.setQueryDate(today); // bean.setQueryDate(today);
} // }
List<AirCarrierFlightListEntity> list = airCarrierService.findAirCarrierFlightList(bean); // List<AirCarrierFlightListEntity> list = airCarrierService.findAirCarrierFlightList(bean);
if(list == null || list.size() == 0){ // if(list == null || list.size() == 0){
//
responseBean.setData(list); // responseBean.setData(list);
responseBean.setMessage(GConstants.EMPTY); // responseBean.setMessage(GConstants.EMPTY);
responseBean.setStatus(ErrorCode.STATUS_CODE_2001); // responseBean.setStatus(ErrorCode.STATUS_CODE_2001);
return responseBean; // return responseBean;
} // }
//
//最新同步时间 // //最新同步时间
Date latestModifyTime = flightService.getLatestModify(); // Date latestModifyTime = flightService.getLatestModify();
//
for(AirCarrierFlightListEntity flight:list){ // for(AirCarrierFlightListEntity flight:list){
flight.setLatestModifyTime(latestModifyTime); // flight.setLatestModifyTime(latestModifyTime);
// 设置机组人员信息 // // 设置机组人员信息
flight.setCrewList(airCarrierService.getFlightCrewGroupList(flight.getFlightNo(), flight.getFlightDate(), // flight.setCrewList(airCarrierService.getFlightCrewGroupList(flight.getFlightNo(), flight.getFlightDate(),
flight.getAcLongNo(), flight.getDepStn(), flight.getArrStn(), bean.getNeedOnlineState())); // flight.getAcLongNo(), flight.getDepStn(), flight.getArrStn(), bean.getNeedOnlineState()));
// flight.setCrewList(flightService.getFlightCrewList(flight.getFlightNo())); //// flight.setCrewList(flightService.getFlightCrewList(flight.getFlightNo()));
//
// 起飞机场联系人列表 // // 起飞机场联系人列表
flight.setDepContactList(airportContactService.findAirportContactList(flight.getDepStn())); // flight.setDepContactList(airportContactService.findAirportContactList(flight.getDepStn()));
//
// 到达机场联系人列表 // // 到达机场联系人列表
flight.setArrContactList(airportContactService.findAirportContactList(flight.getArrStn())); // flight.setArrContactList(airportContactService.findAirportContactList(flight.getArrStn()));
//
// 开航指令下载地址 // // 开航指令下载地址
SailingFileEntity sailingFile = sailingFileService.getSailingFileByAirLine(flight.getAcLongNo(), // SailingFileEntity sailingFile = sailingFileService.getSailingFileByAirLine(flight.getAcLongNo(),
flight.getDepStn(), flight.getArrStn()); // flight.getDepStn(), flight.getArrStn());
if(sailingFile != null && StringUtils.isNotBlank(sailingFile.getFilePath())){ // if(sailingFile != null && StringUtils.isNotBlank(sailingFile.getFilePath())){
//
flight.setSailingFile(Util.getAbsoluteUrl(sailingFile.getFilePath())); // flight.setSailingFile(Util.getAbsoluteUrl(sailingFile.getFilePath()));
} // }
// flight.setSailingFile("http://www.gdcrj.com/wsfwdt/bgxz/gdly0902.doc"); //// flight.setSailingFile("http://www.gdcrj.com/wsfwdt/bgxz/gdly0902.doc");
//
// 获取到的机场的所有场站的席位列表 // // 获取到的机场的所有场站的席位列表
// flight.setDepSeatList(seatService.findSeatListByIata(flight.getDepStn()));// 起飞机场席位列表 //// flight.setDepSeatList(seatService.findSeatListByIata(flight.getDepStn()));// 起飞机场席位列表
// flight.setArrSeatList(seatService.findSeatListByIata(flight.getArrStn()));// 到达机场席位列表 //// flight.setArrSeatList(seatService.findSeatListByIata(flight.getArrStn()));// 到达机场席位列表
//
List<SeatListEntity> depSeatList = seatService.findSeatListByIata(flight.getDepStn());// 起飞机场席位列表 // List<SeatListEntity> depSeatList = seatService.findSeatListByIata(flight.getDepStn());// 起飞机场席位列表
List<SeatListEntity> arrSeatList = seatService.findSeatListByIata(flight.getArrStn());// 到达机场席位列表 // List<SeatListEntity> arrSeatList = seatService.findSeatListByIata(flight.getArrStn());// 到达机场席位列表
//
flight.setDepSeatList(depSeatList);// 起飞机场席位列表 // flight.setDepSeatList(depSeatList);// 起飞机场席位列表
flight.setArrSeatList(arrSeatList);// 到达机场席位列表 // flight.setArrSeatList(arrSeatList);// 到达机场席位列表
if(depSeatList != null && depSeatList.size()>0){// 获取起飞组合头像 // if(depSeatList != null && depSeatList.size()>0){// 获取起飞组合头像
List<String> avatarList = new ArrayList<String>(); // List<String> avatarList = new ArrayList<String>();
for(SeatListEntity seat:depSeatList){ // for(SeatListEntity seat:depSeatList){
if(StringUtils.isNotBlank(seat.getPhoto())){ // if(StringUtils.isNotBlank(seat.getPhoto())){
//
avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto()); // avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
} // }
} // }
String depSeatAvatar = ImageUtil.combine(avatarList); // String depSeatAvatar = ImageUtil.combine(avatarList);
if(StringUtils.isNotBlank(depSeatAvatar)){ // if(StringUtils.isNotBlank(depSeatAvatar)){
//
flight.setDepSeatAvatar(Util.getAbsoluteUrl(depSeatAvatar)); // flight.setDepSeatAvatar(Util.getAbsoluteUrl(depSeatAvatar));
} // }
} // }
//
if(arrSeatList != null && arrSeatList.size()>0){// 获取到达组合头像 // if(arrSeatList != null && arrSeatList.size()>0){// 获取到达组合头像
List<String> avatarList = new ArrayList<String>(); // List<String> avatarList = new ArrayList<String>();
for(SeatListEntity seat:arrSeatList){ // for(SeatListEntity seat:arrSeatList){
if(StringUtils.isNotBlank(seat.getPhoto())){ // if(StringUtils.isNotBlank(seat.getPhoto())){
//
avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto()); // avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
} // }
} // }
String arrSeatAvatar = ImageUtil.combine(avatarList); // String arrSeatAvatar = ImageUtil.combine(avatarList);
if(StringUtils.isNotBlank(arrSeatAvatar)){ // if(StringUtils.isNotBlank(arrSeatAvatar)){
//
flight.setArrSeatAvatar(Util.getAbsoluteUrl(arrSeatAvatar)); // flight.setArrSeatAvatar(Util.getAbsoluteUrl(arrSeatAvatar));
} // }
} // }
} // }
//
responseBean.setData(list); // responseBean.setData(list);
responseBean.setMessage(GConstants.OK); // responseBean.setMessage(GConstants.OK);
responseBean.setStatus(ErrorCode.STATUS_CODE_2000); // responseBean.setStatus(ErrorCode.STATUS_CODE_2000);
return responseBean; // return responseBean;
} // }
responseBean.setMessage(message); responseBean.setMessage(message);
responseBean.setStatus(ErrorCode.STATUS_CODE_4001); responseBean.setStatus(ErrorCode.STATUS_CODE_4001);
return responseBean; return responseBean;
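Review bot: Because the `if(message == null){ ... }` branch appears to be commented out, a request that passes `airCarrierService.validate(bean)` now falls through to `responseBean.setMessage(message)` and `responseBean.setStatus(ErrorCode.STATUS_CODE_4001)`, so valid requests get the validation-failure status with a null message. If the endpoint is being disabled on purpose, make that explicit, for example `responseBean.setMessage(message != null ? message : "<endpoint-disabled message>");`, and put a comment above the block stating why it is off. The part that presumably triggered the finding is `GConstants.FILE_UPLOAD_DIR+seat.getPhoto()` being handed to `ImageUtil.combine`; checking that stored photo path against the upload directory before use would let the flight list keep working. The method's closing brace is outside this hunk.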
......
...@@ -138,11 +138,11 @@ public class UploadController { ...@@ -138,11 +138,11 @@ public class UploadController {
RequestBean requestBean) { RequestBean requestBean) {
ResponseBean responseBean = new ResponseBean(); ResponseBean responseBean = new ResponseBean();
List<UploadFileBean> uploadFiles = null; // List<UploadFileBean> uploadFiles = null;
//
String clientip = Util.getOnlineIP(request); // String clientip = Util.getOnlineIP(request);
UploadBean uploadFile = null; // UploadBean uploadFile = null;
uploadFile = JSON.parseObject(requestBean.getContent(), UploadBean.class); // uploadFile = JSON.parseObject(requestBean.getContent(), UploadBean.class);
// for (CommonsMultipartFile file : files) {// 遍历文件名,含有非法字符提示错误 // for (CommonsMultipartFile file : files) {// 遍历文件名,含有非法字符提示错误
// //
// String originalFilename = file.getOriginalFilename(); // String originalFilename = file.getOriginalFilename();
...@@ -154,24 +154,24 @@ public class UploadController { ...@@ -154,24 +154,24 @@ public class UploadController {
// } // }
// } // }
// } // }
String message = uploadService.check(files, uploadFile, clientip); // String message = uploadService.check(files, uploadFile, clientip);
if (StringUtils.isNotEmpty(message)) { // if (StringUtils.isNotEmpty(message)) {
responseBean.setStatus(ErrorCode.STATUS_CODE_4001); // responseBean.setStatus(ErrorCode.STATUS_CODE_4001);
responseBean.setMessage(message); // responseBean.setMessage(message);
return responseBean; // return responseBean;
} // }
uploadFiles = uploadService.addMultipartFile(files, uploadFile, clientip); // uploadFiles = uploadService.addMultipartFile(files, uploadFile, clientip);
if (uploadFiles == null || uploadFiles.size() == 0) { // if (uploadFiles == null || uploadFiles.size() == 0) {
//
responseBean.setStatus(ErrorCode.STATUS_CODE_4001); // responseBean.setStatus(ErrorCode.STATUS_CODE_4001);
responseBean.setMessage("获取不到文件列表!"); // responseBean.setMessage("获取不到文件列表!");
return responseBean; // return responseBean;
} // }
uploadFile.setSize(uploadFiles.size()); // uploadFile.setSize(uploadFiles.size());
uploadFile.setUrl(GConstants.FILE_PREFIX_URL); // uploadFile.setUrl(GConstants.FILE_PREFIX_URL);
responseBean.setStatus(ErrorCode.STATUS_CODE_2000); responseBean.setStatus(ErrorCode.STATUS_CODE_2000);
responseBean.setMessage(GConstants.OK); responseBean.setMessage(GConstants.OK);
responseBean.setData(uploadFile); // responseBean.setData(uploadFile);
return responseBean; return responseBean;
} }
...@@ -237,37 +237,37 @@ public class UploadController { ...@@ -237,37 +237,37 @@ public class UploadController {
// 创建一个通用的多部分解析器 // 创建一个通用的多部分解析器
int start = 0; int start = 0;
try { // try {
//
start = Integer.parseInt(request.getParameter("size")); // start = Integer.parseInt(request.getParameter("size"));
String name = request.getParameter("name"); // String name = request.getParameter("name");
String moduleName = request.getParameter("moduleName"); // String moduleName = request.getParameter("moduleName");
String appCode = request.getParameter("appCode") == null ? GConstants.DEFAULT_APP_CODE // String appCode = request.getParameter("appCode") == null ? GConstants.DEFAULT_APP_CODE
: request.getParameter("appCode");// 本次文件上传记录CODE // : request.getParameter("appCode");// 本次文件上传记录CODE
String clientip = Util.getOnlineIP(request); // String clientip = Util.getOnlineIP(request);
if (StringUtils.isBlank(moduleName)) {// 如果没有传则默认保存到files下面 // if (StringUtils.isBlank(moduleName)) {// 如果没有传则默认保存到files下面
moduleName = "files"; // moduleName = "files";
} else { // } else {
moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串 // moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
if (moduleName.length() == 0 || moduleName.length() > 64)// 如果没有传则默认保存到files下面 // if (moduleName.length() == 0 || moduleName.length() > 64)// 如果没有传则默认保存到files下面
moduleName = "files"; // moduleName = "files";
} // }
String sessionId = DigestUtils.sha1Hex( // String sessionId = DigestUtils.sha1Hex(
Util.getRandom(100, 999) + ":" + System.currentTimeMillis() + ":" + Util.getRandom(100, 999)); // Util.getRandom(100, 999) + ":" + System.currentTimeMillis() + ":" + Util.getRandom(100, 999));
UploadFileBean fileBean = null; // UploadFileBean fileBean = null;
fileBean = uploadService.addUploadFile(sessionId, request.getInputStream(), "", name, "", moduleName, appCode, // fileBean = uploadService.addUploadFile(sessionId, request.getInputStream(), "", name, "", moduleName, appCode,
clientip); // clientip);
if (fileBean != null) { // if (fileBean != null) {
Map<String, Object> map = new HashMap<String, Object>(); // Map<String, Object> map = new HashMap<String, Object>();
map.put("success", true); // map.put("success", true);
map.put("message", ""); // map.put("message", "");
map.put("start", start); // map.put("start", start);
map.put("file", fileBean); // map.put("file", fileBean);
return map; // return map;
} // }
} catch (Exception e) { // } catch (Exception e) {
e.printStackTrace(); // e.printStackTrace();
} // }
Map<String, Object> map = new HashMap<String, Object>(); Map<String, Object> map = new HashMap<String, Object>();
map.put("success", false); map.put("success", false);
map.put("message", ""); map.put("message", "");
...@@ -279,59 +279,59 @@ public class UploadController { ...@@ -279,59 +279,59 @@ public class UploadController {
@RequestMapping("download") @RequestMapping("download")
public void download(RequestBean requestBean, HttpServletResponse response, HttpServletRequest request) throws JsonParseException, JsonMappingException, IOException { public void download(RequestBean requestBean, HttpServletResponse response, HttpServletRequest request) throws JsonParseException, JsonMappingException, IOException {
FileBean bean = requestBean.getObjectBean(FileBean.class); // FileBean bean = requestBean.getObjectBean(FileBean.class);
// File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, filepath); // // File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, filepath);
InputStream in = null; // InputStream in = null;
OutputStream out = null; // OutputStream out = null;
try { // try {
if (bean.getPath() != null) { // if (bean.getPath() != null) {
if (bean.getPath().indexOf("../") != -1) { // if (bean.getPath().indexOf("../") != -1) {
return; // return;
} // }
if(StrUtil.contains(bean.getPath(), "../")||StrUtil.contains(bean.getPath(), "..\\")){ // if(StrUtil.contains(bean.getPath(), "../")||StrUtil.contains(bean.getPath(), "..\\")){
throw new RuntimeException("文件路径异常!"); // throw new RuntimeException("文件路径异常!");
} // }
} // }
// 设置文件MIME类型 // // 设置文件MIME类型
response.setContentType("application/form-data;charset=utf-8"); // response.setContentType("application/form-data;charset=utf-8");
// String downloadFileName=Encodes.urlEncode(bean.getName()); // // String downloadFileName=Encodes.urlEncode(bean.getName());
String downloadFileName = new String(bean.getName().getBytes("gbk"), "ISO8859-1"); // String downloadFileName = new String(bean.getName().getBytes("gbk"), "ISO8859-1");
String agent = (String) request.getHeader("USER-AGENT"); // String agent = (String) request.getHeader("USER-AGENT");
if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) { // if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) {
downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(bean.getName().getBytes("UTF-8")))) // downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(bean.getName().getBytes("UTF-8"))))
+ "?="; // + "?=";
} /* // } /*
* else{ downloadFileName = URLDecoder.decode(bean.getName(), // * else{ downloadFileName = URLDecoder.decode(bean.getName(),
* "UTF-8"); } // * "UTF-8"); }
*/ // */
// 设置Content-Disposition // // 设置Content-Disposition
response.setHeader("Content-Disposition", "attachment; filename=\"" + downloadFileName + "\""); // response.setHeader("Content-Disposition", "attachment; filename=\"" + downloadFileName + "\"");
// 获取目标文件的绝对路径 // // 获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR + bean.getPath(); // String fullFileName = GConstants.FILE_UPLOAD_DIR + bean.getPath();
if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")) { // if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")) {
throw new RuntimeException("文件路径异常!"); // throw new RuntimeException("文件路径异常!");
} // }
File downloadFile = new File(fullFileName); // File downloadFile = new File(fullFileName);
LOG.error("文件下载地址:" + downloadFile.getAbsolutePath()); // LOG.error("文件下载地址:" + downloadFile.getAbsolutePath());
System.out.println("文件下载地址:" + downloadFile.getAbsolutePath()); // System.out.println("文件下载地址:" + downloadFile.getAbsolutePath());
// 读取文件 // // 读取文件
in = new FileInputStream(downloadFile); // in = new FileInputStream(downloadFile);
out = response.getOutputStream(); // out = response.getOutputStream();
//
// 写文件 // // 写文件
int b; // int b;
while ((b = in.read()) != -1) { // while ((b = in.read()) != -1) {
out.write(b); // out.write(b);
} // }
out.flush(); // out.flush();
} catch (Exception e) { // } catch (Exception e) {
System.out.println(e.getMessage()); // System.out.println(e.getMessage());
// TODO: handle exception // // TODO: handle exception
e.printStackTrace(); // e.printStackTrace();
} finally { // } finally {
IOUtils.closeQuietly(in); // IOUtils.closeQuietly(in);
IOUtils.closeQuietly(out); // IOUtils.closeQuietly(out);
} // }
} }
// public static String GetImageStr(String imgFile) // public static String GetImageStr(String imgFile)
...@@ -410,43 +410,43 @@ public class UploadController { ...@@ -410,43 +410,43 @@ public class UploadController {
@RequestMapping("/verifFile") @RequestMapping("/verifFile")
public ResponseBean verifFile(HttpServletRequest request, RequestBean requestBean) { public ResponseBean verifFile(HttpServletRequest request, RequestBean requestBean) {
ResponseBean responseBean = new ResponseBean(); ResponseBean responseBean = new ResponseBean();
String stream = request.getParameter("fileStream"); // String stream = request.getParameter("fileStream");
String filePath = StrUtil.replace(StrUtil.replace(request.getParameter("filePath"), "../", ""),"..\\",""); // String filePath = StrUtil.replace(StrUtil.replace(request.getParameter("filePath"), "../", ""),"..\\","");
String fileDir = StrUtil.replace(StrUtil.replace(request.getParameter("fileDir"), "../", ""),"..\\",""); // String fileDir = StrUtil.replace(StrUtil.replace(request.getParameter("fileDir"), "../", ""),"..\\","");
ByteArrayInputStream bais = null; // ByteArrayInputStream bais = null;
FileOutputStream ostream = null; // FileOutputStream ostream = null;
try { // try {
byte buf[] = stream.getBytes("utf-8"); // byte buf[] = stream.getBytes("utf-8");
bais = new ByteArrayInputStream(buf); // bais = new ByteArrayInputStream(buf);
POIFSFileSystem poifs = new POIFSFileSystem(); // POIFSFileSystem poifs = new POIFSFileSystem();
DirectoryEntry directory = poifs.getRoot(); // DirectoryEntry directory = poifs.getRoot();
directory.createDocument("WordDocument", bais); // directory.createDocument("WordDocument", bais);
//
// 文件保存地址 // // 文件保存地址
String path = GConstants.FILE_UPLOAD_DIR + filePath; // String path = GConstants.FILE_UPLOAD_DIR + filePath;
if (StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")) { // if (StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")) {
throw new RuntimeException("文件路径非法"); // throw new RuntimeException("文件路径非法");
} // }
File uploadFilePath = new File(path); // File uploadFilePath = new File(path);
if (uploadFilePath.exists()) { // if (uploadFilePath.exists()) {
return responseBean; // return responseBean;
} // }
String path = GConstants.FILE_UPLOAD_DIR + fileDir; // String path1 = GConstants.FILE_UPLOAD_DIR + fileDir;
if (StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")) { // if (StrUtil.contains(path1,"../")||StrUtil.contains(path1,"..\\")) {
throw new RuntimeException("文件路径非法"); // throw new RuntimeException("文件路径非法");
} // }
File baseUploadDir = new File(path); // File baseUploadDir = new File(path);
if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建 // if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
baseUploadDir.mkdirs(); // baseUploadDir.mkdirs();
} // }
ostream = new FileOutputStream(uploadFilePath); // ostream = new FileOutputStream(uploadFilePath);
poifs.writeFilesystem(ostream); // poifs.writeFilesystem(ostream);
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
} finally { // } finally {
IOUtils.closeQuietly(bais); // IOUtils.closeQuietly(bais);
IOUtils.closeQuietly(ostream); // IOUtils.closeQuietly(ostream);
} // }
responseBean.setStatus(ErrorCode.STATUS_CODE_2000); responseBean.setStatus(ErrorCode.STATUS_CODE_2000);
responseBean.setMessage(GConstants.OK); responseBean.setMessage(GConstants.OK);
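Review bot: `verifFile` still ends with `responseBean.setStatus(ErrorCode.STATUS_CODE_2000)` and `setMessage(GConstants.OK)` although every statement that wrote the file is now commented out, so a caller is told the file was saved when nothing happened. If the endpoint is being retired because of the path-handling finding, drop the `@RequestMapping("/verifFile")` handler or return a failure status from `ErrorCode` instead of leaving a success stub. The same comment-out approach is used in the UploadService and AirlineVerifyController hunks; the disabled code would be better deleted (history keeps it), since the `StrUtil.contains(path,"../")` substring test it carries is not a containment check and would come back unchanged if someone uncomments it. A restored version should resolve the target against `GConstants.FILE_UPLOAD_DIR`, normalize it, and verify it still starts with that base. The method continues past the end of the hunk.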
......
...@@ -94,55 +94,55 @@ public class UploadService extends BaseService<UploadDao>{ ...@@ -94,55 +94,55 @@ public class UploadService extends BaseService<UploadDao>{
} }
List<UploadFileBean> uploadFiles = null; List<UploadFileBean> uploadFiles = null;
// boolean isVerifyFileName = true;// 是否需要验证文件名称 // boolean isVerifyFileName = true;// 是否需要验证文件名称
String message = validate(uploadFile); // String message = validate(uploadFile);
if(message == null){ // if(message == null){
// uploadFile.setSize(0); //// uploadFile.setSize(0);
// uploadFile.setUrl(GConstants.FILE_PREFIX_URL); //// uploadFile.setUrl(GConstants.FILE_PREFIX_URL);
uploadFiles = new ArrayList<UploadFileBean>(6);
uploadFile.setFiles(uploadFiles);
// uploadFiles = uploadFile.getFiles();
// if(uploadFiles == null){// 如果没有传文件列表则新建一个列表
// uploadFiles = new ArrayList<UploadFileBean>(6); // uploadFiles = new ArrayList<UploadFileBean>(6);
// uploadFile.setFiles(uploadFiles); // uploadFile.setFiles(uploadFiles);
//// isVerifyFileName = false; //// uploadFiles = uploadFile.getFiles();
//// if(uploadFiles == null){// 如果没有传文件列表则新建一个列表
//// uploadFiles = new ArrayList<UploadFileBean>(6);
//// uploadFile.setFiles(uploadFiles);
////// isVerifyFileName = false;
//// }
//
//// String moduleName = uploadFile.getModule();// 模块名称
//// if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面
//// moduleName = "files";
//// } else{
//// moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
//// if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
//// moduleName = "files";
//// }
//// uploadFile.setModule(moduleName);
//
// // 生成本次会话的随机数随机数
// String sessionId = DigestUtils.sha1Hex(Util.getRandom(100, 999)+":"
// +System.currentTimeMillis()+":"+Util.getRandom(100, 999));
//// uploadFile.setSessionId(sessionId);
// for (CommonsMultipartFile file:files) {// 遍历所有提交的文件
// try {
// String originalFilename = file.getOriginalFilename();
// if(StringUtils.isNotBlank(originalFilename)){// 文件扩展名称不能为NULL
// InputStream in = file.getInputStream();
//
// String contentType = uploadFile.getContentType();
// UploadFileBean fileBean = this.addUploadFile(sessionId, in, file.getName(), originalFilename, contentType,
// uploadFile.getModule(), uploadFile.getAppCode(), clientip);
// uploadFiles.add(fileBean);
// } // }
// } catch (Exception e) {
// String moduleName = uploadFile.getModule();// 模块名称 // // TODO: handle exception
// if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面
// moduleName = "files";
// } else{
// moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
// if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
// moduleName = "files";
// } // }
// uploadFile.setModule(moduleName); //// if(file !=null){
//// // 统一文件处理
// 生成本次会话的随机数随机数 //// addUploadFile(uploadFiles, uploadFile, isVerifyFileName,
String sessionId = DigestUtils.sha1Hex(Util.getRandom(100, 999)+":" //// sessionId, file, clientip);
+System.currentTimeMillis()+":"+Util.getRandom(100, 999)); //// }
// uploadFile.setSessionId(sessionId); // }
for (CommonsMultipartFile file:files) {// 遍历所有提交的文件 // return uploadFiles;
try {
String originalFilename = file.getOriginalFilename();
if(StringUtils.isNotBlank(originalFilename)){// 文件扩展名称不能为NULL
InputStream in = file.getInputStream();
String contentType = uploadFile.getContentType();
UploadFileBean fileBean = this.addUploadFile(sessionId, in, file.getName(), originalFilename, contentType,
uploadFile.getModule(), uploadFile.getAppCode(), clientip);
uploadFiles.add(fileBean);
}
} catch (Exception e) {
// TODO: handle exception
}
// if(file !=null){
// // 统一文件处理
// addUploadFile(uploadFiles, uploadFile, isVerifyFileName,
// sessionId, file, clientip);
// } // }
}
return uploadFiles;
}
return uploadFiles; return uploadFiles;
} }
/** /**
...@@ -179,80 +179,80 @@ public class UploadService extends BaseService<UploadDao>{ ...@@ -179,80 +179,80 @@ public class UploadService extends BaseService<UploadDao>{
@Transactional(readOnly = false) @Transactional(readOnly = false)
public List<UploadFileBean> addMultipartFile(HttpServletRequest request, public List<UploadFileBean> addMultipartFile(HttpServletRequest request,
UploadBean uploadFile, String clientip){ UploadBean uploadFile, String clientip){
try { // try {
List<UploadFileBean> uploadFiles = null; // List<UploadFileBean> uploadFiles = null;
// boolean isVerifyFileName = true;// 是否需要验证文件名称 //// boolean isVerifyFileName = true;// 是否需要验证文件名称
String message = validate(uploadFile); // String message = validate(uploadFile);
if(message == null){ // if(message == null){
// uploadFile.setSize(0); //// uploadFile.setSize(0);
// 创建一个通用的多部分解析器 // // 创建一个通用的多部分解析器
CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver( // CommonsMultipartResolver multipartResolver = new CommonsMultipartResolver(
request.getSession().getServletContext()); // request.getSession().getServletContext());
// 判断 request 是否有文件上传,即多部分请求 // // 判断 request 是否有文件上传,即多部分请求
if (multipartResolver != null && multipartResolver.isMultipart(request)) { // if (multipartResolver != null && multipartResolver.isMultipart(request)) {
//
// uploadFile.setUrl(GConstants.FILE_PREFIX_URL); //// uploadFile.setUrl(GConstants.FILE_PREFIX_URL);
uploadFiles = new ArrayList<UploadFileBean>(6);
uploadFile.setFiles(uploadFiles);
// if(uploadFiles == null){// 如果没有传文件列表则新建一个列表
// uploadFiles = new ArrayList<UploadFileBean>(6); // uploadFiles = new ArrayList<UploadFileBean>(6);
// uploadFile.setFiles(uploadFiles); // uploadFile.setFiles(uploadFiles);
// isVerifyFileName = false; //// if(uploadFiles == null){// 如果没有传文件列表则新建一个列表
//// uploadFiles = new ArrayList<UploadFileBean>(6);
//// uploadFile.setFiles(uploadFiles);
//// isVerifyFileName = false;
//// }
//
// String moduleName = uploadFile.getModule();// 模块名称
// if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面
// moduleName = "files";
// } else{
// moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
// if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
// moduleName = "files";
// if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) {
// moduleName = "files";
// } // }
// }
String moduleName = uploadFile.getModule();// 模块名称 //// uploadFile.setModule(moduleName);
if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面 //
moduleName = "files"; // // 生成本次会话的随机数随机数
} else{ // String sessionId = DigestUtils.sha1Hex(Util.getRandom(100, 999)+":"
moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串 // +System.currentTimeMillis()+":"+Util.getRandom(100, 999));
if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面 //// uploadFile.setSessionId(sessionId);
moduleName = "files"; // // 转换成多部分request
if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) { // MultipartHttpServletRequest multiRequest = (MultipartHttpServletRequest) request;
moduleName = "files"; // // 取得request中的所有文件名
} // Iterator<String> iter = multiRequest.getFileNames();
} // while (iter.hasNext()) {
// uploadFile.setModule(moduleName); // try {
// 生成本次会话的随机数随机数
String sessionId = DigestUtils.sha1Hex(Util.getRandom(100, 999)+":"
+System.currentTimeMillis()+":"+Util.getRandom(100, 999));
// uploadFile.setSessionId(sessionId);
// 转换成多部分request
MultipartHttpServletRequest multiRequest = (MultipartHttpServletRequest) request;
// 取得request中的所有文件名
Iterator<String> iter = multiRequest.getFileNames();
while (iter.hasNext()) {
try {
MultipartFile file = multiRequest.getFile(iter.next());
if (file != null) {// 取得上传文件
String originalFilename = file.getOriginalFilename();
if(StringUtils.isNotBlank(originalFilename)){// 文件扩展名称不能为NULL
InputStream in = file.getInputStream();
String contentType = uploadFile.getContentType();
UploadFileBean fileBean = this.addUploadFile(sessionId, in, file.getName(), originalFilename, contentType,
moduleName, uploadFile.getAppCode(), clientip);
uploadFiles.add(fileBean);
}
}
} catch (Exception e) {
// TODO: handle exception
}
// 取得上传文件
// MultipartFile file = multiRequest.getFile(iter.next()); // MultipartFile file = multiRequest.getFile(iter.next());
// file.getName(); // if (file != null) {// 取得上传文件
// if (file != null) { //
// // 统一文件处理 // String originalFilename = file.getOriginalFilename();
// addUploadFile(uploadFiles, uploadFile, isVerifyFileName, // if(StringUtils.isNotBlank(originalFilename)){// 文件扩展名称不能为NULL
// sessionId, file, clientip); // InputStream in = file.getInputStream();
// String contentType = uploadFile.getContentType();
// UploadFileBean fileBean = this.addUploadFile(sessionId, in, file.getName(), originalFilename, contentType,
// moduleName, uploadFile.getAppCode(), clientip);
// uploadFiles.add(fileBean);
// }
// }
// } catch (Exception e) {
// // TODO: handle exception
// }
// // 取得上传文件
//// MultipartFile file = multiRequest.getFile(iter.next());
//// file.getName();
//// if (file != null) {
//// // 统一文件处理
//// addUploadFile(uploadFiles, uploadFile, isVerifyFileName,
//// sessionId, file, clientip);
//// }
// }
// }
// return uploadFiles;
// }
// } catch (Exception e) {
// // TODO: handle exception
// } // }
}
}
return uploadFiles;
}
} catch (Exception e) {
// TODO: handle exception
}
return null; return null;
} }
/** /**
...@@ -271,99 +271,99 @@ public class UploadService extends BaseService<UploadDao>{ ...@@ -271,99 +271,99 @@ public class UploadService extends BaseService<UploadDao>{
@Transactional(readOnly = false) @Transactional(readOnly = false)
public UploadFileBean addUploadFile(String sessionId, InputStream in, String inputName, String originalFilename, public UploadFileBean addUploadFile(String sessionId, InputStream in, String inputName, String originalFilename,
String contentType, String moduleName, String appCode, String clientip) { String contentType, String moduleName, String appCode, String clientip) {
//
OutputStream os = null; // OutputStream os = null;
ByteArrayOutputStream baos = null; // ByteArrayOutputStream baos = null;
UploadEntity fileUploadEntity=null; // UploadEntity fileUploadEntity=null;
// InputStream in = null; //// InputStream in = null;
try { // try {
// String originalFilename = file.getOriginalFilename(); //// String originalFilename = file.getOriginalFilename();
if(StringUtils.isBlank(originalFilename)){// 文件扩展名称不能为NULL // if(StringUtils.isBlank(originalFilename)){// 文件扩展名称不能为NULL
LOG.debug("无法获取文件名称:"+originalFilename); // LOG.debug("无法获取文件名称:"+originalFilename);
return null; // return null;
} // }
if("blob".equals(originalFilename)){// 上传的二进制文件,兼容H5文件无法上传的情况 // if("blob".equals(originalFilename)){// 上传的二进制文件,兼容H5文件无法上传的情况
if(StringUtils.isEmpty(contentType)){// 默认为MP3格式 // if(StringUtils.isEmpty(contentType)){// 默认为MP3格式
//
originalFilename = "blob.mp3"; // originalFilename = "blob.mp3";
} else { // } else {
//
originalFilename = "blob."+contentType; // originalFilename = "blob."+contentType;
} // }
} // }
String extesionName = Util.getExtensionName(originalFilename); // String extesionName = Util.getExtensionName(originalFilename);
if(extesionName == null || extesionName.length() == 0){// 文件扩展名称不能为NULL // if(extesionName == null || extesionName.length() == 0){// 文件扩展名称不能为NULL
LOG.debug("无法获取文件扩展名:"+originalFilename); // LOG.debug("无法获取文件扩展名:"+originalFilename);
} // }
UploadFileBean fileBean = null; // UploadFileBean fileBean = null;
// uploadFile.setSize(uploadFile.getSize()+1); //// uploadFile.setSize(uploadFile.getSize()+1);
if(extesionName == null || // if(extesionName == null ||
GConstants.FILE_FILTERS.get(extesionName.toLowerCase()) == null){// 不允许上传的文件 // GConstants.FILE_FILTERS.get(extesionName.toLowerCase()) == null){// 不允许上传的文件
//
LOG.debug("此类型文件不允许上传:"+originalFilename); // LOG.debug("此类型文件不允许上传:"+originalFilename);
fileBean = new UploadFileBean(); // fileBean = new UploadFileBean();
fileBean.setInputName(""); // fileBean.setInputName("");
fileBean.setPath(null); // fileBean.setPath(null);
fileBean.setName(originalFilename); // fileBean.setName(originalFilename);
fileBean.setExtesion(extesionName); // fileBean.setExtesion(extesionName);
fileBean.setStatus(2); // fileBean.setStatus(2);
return fileBean; // return fileBean;
} // }
//
// 拿到上传文件的输入流 // // 拿到上传文件的输入流
// in = request.getInputStream(); //// in = request.getInputStream();
in = new BufferedInputStream(in); // in = new BufferedInputStream(in);
baos = new ByteArrayOutputStream(); // baos = new ByteArrayOutputStream();
byte[] buf = new byte[GConstants.BUFFER_SIZE]; // byte[] buf = new byte[GConstants.BUFFER_SIZE];
// 以写字节的方式写文件 // // 以写字节的方式写文件
int size = in.read(buf); // int size = in.read(buf);
while (size != -1) { // while (size != -1) {
baos.write(buf, 0, size); // baos.write(buf, 0, size);
size = in.read(buf); // size = in.read(buf);
} // }
byte[] data = baos.toByteArray(); // byte[] data = baos.toByteArray();
//
// byte[] data = IOUtils.toByteArray(in); //// byte[] data = IOUtils.toByteArray(in);
// 待扩展名称的MOD5 // // 待扩展名称的MOD5
String md5 = DigestUtils.sha1Hex(data)+extesionName; // String md5 = DigestUtils.sha1Hex(data)+extesionName;
//
fileBean = new UploadFileBean(); // fileBean = new UploadFileBean();
fileBean.setName(originalFilename); // fileBean.setName(originalFilename);
if(StringUtils.isBlank(inputName)){ // if(StringUtils.isBlank(inputName)){
fileBean.setInputName(""); // fileBean.setInputName("");
} else { // } else {
fileBean.setInputName(inputName); // fileBean.setInputName(inputName);
} // }
fileBean.setSize(data.length); // fileBean.setSize(data.length);
fileBean.setMd5(md5); // fileBean.setMd5(md5);
fileBean.setExtesion(extesionName); // fileBean.setExtesion(extesionName);
//
if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面 // if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面
moduleName = "files"; // moduleName = "files";
} else{ // } else{
moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串 // moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
moduleName = moduleName.replaceAll("[\\|//]+", "/"); // moduleName = moduleName.replaceAll("[\\|//]+", "/");
if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面 // if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
moduleName = "files"; // moduleName = "files";
if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) { // if (StrUtil.contains(moduleName,"../")||StrUtil.contains(moduleName, "..\\")) {
moduleName = "files"; // moduleName = "files";
} // }
} // }
// 文件保存路径:基本路径+模块名称+日期 // // 文件保存路径:基本路径+模块名称+日期
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt);//FORMAT.format(System.currentTimeMillis()); // String baseDatePath = PathFormatUtils.parse(PATH_FORMAt);//FORMAT.format(System.currentTimeMillis());
if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) { // if (StrUtil.contains(baseDatePath, "../")||StrUtil.contains(baseDatePath, "..\\")) {
throw new RuntimeException("模块名称非法"); // throw new RuntimeException("模块名称非法");
} // }
String basePath = moduleName+GConstants.FS+extesionName.replaceAll("\\.", "")+GConstants.FS; // String basePath = moduleName+GConstants.FS+extesionName.replaceAll("\\.", "")+GConstants.FS;
// 上传文件基本地址 // // 上传文件基本地址
String path = GConstants.FILE_UPLOAD_DIR + baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath; // String path = GConstants.FILE_UPLOAD_DIR + baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath;
if(StrUtil.contains(path,"../")||StrUtil.contains(path, "..\\")) { // if(StrUtil.contains(path,"../")||StrUtil.contains(path, "..\\")) {
throw new RuntimeException("文件路径不正确"); // throw new RuntimeException("文件路径不正确");
} // }
File baseUploadDir = new File(path); // File baseUploadDir = new File(path);
if(!baseUploadDir.exists()){// 如果文件夹不存在则创建 // if(!baseUploadDir.exists()){// 如果文件夹不存在则创建
baseUploadDir.mkdirs(); // baseUploadDir.mkdirs();
} // }
// String prefixFilename = ""; // String prefixFilename = "";
// if(StringUtils.isBlank(GConstants.getValue("file.prefix.filename.format")) == false){ // if(StringUtils.isBlank(GConstants.getValue("file.prefix.filename.format")) == false){
...@@ -376,90 +376,90 @@ public class UploadService extends BaseService<UploadDao>{ ...@@ -376,90 +376,90 @@ public class UploadService extends BaseService<UploadDao>{
// } // }
// String sessionId = DigestUtils.md5Hex(Util.getRandom(100, 999)+":" // String sessionId = DigestUtils.md5Hex(Util.getRandom(100, 999)+":"
// +System.currentTimeMillis()+":"+Util.getRandom(100, 999)); // +System.currentTimeMillis()+":"+Util.getRandom(100, 999));
//
// 文件保存地址 // // 文件保存地址
String path2 = baseUploadDir + md5; // String path2 = baseUploadDir + md5;
if(StrUtil.contains(path2,"../")||StrUtil.contains(path2, "..\\")) { // if(StrUtil.contains(path2,"../")||StrUtil.contains(path2, "..\\")) {
throw new RuntimeException("文件路径不正确"); // throw new RuntimeException("文件路径不正确");
} // }
File uploadFilePath = new File(path2); // File uploadFilePath = new File(path2);
LOG.info("原文件服务器绝对路径:"+uploadFilePath); // LOG.info("原文件服务器绝对路径:"+uploadFilePath);
// 将数据保存到指定文件 // // 将数据保存到指定文件
os = new FileOutputStream(uploadFilePath); // os = new FileOutputStream(uploadFilePath);
os = new BufferedOutputStream(os); // os = new BufferedOutputStream(os);
os.write(data); // os.write(data);
os.flush(); // os.flush();
//
// 设置文件相关信息 // // 设置文件相关信息
fileUploadEntity = new UploadEntity(); // fileUploadEntity = new UploadEntity();
// 如果上传文件为图片则获取图片的宽度高度 // // 如果上传文件为图片则获取图片的宽度高度
if(GConstants.FILE_FILTERS.get(extesionName) != null && // if(GConstants.FILE_FILTERS.get(extesionName) != null &&
GConstants.FILE_FILTERS.get(extesionName)){ // GConstants.FILE_FILTERS.get(extesionName)){
BufferedImage image = this.getBufferedImage(data); // BufferedImage image = this.getBufferedImage(data);
if(image != null){// 生成图片缩略图 // if(image != null){// 生成图片缩略图
fileBean.setWidth(image.getWidth()); // fileBean.setWidth(image.getWidth());
fileBean.setHeight(image.getHeight()); // fileBean.setHeight(image.getHeight());
if(GConstants.FILE_ALLOW_THUMBS){// 图片压缩保存 // if(GConstants.FILE_ALLOW_THUMBS){// 图片压缩保存
//
int with = GConstants.getIntValue("file.image.thumb.width", 640); // int with = GConstants.getIntValue("file.image.thumb.width", 640);
int height = GConstants.getIntValue("file.image.thumb.height", 640); // int height = GConstants.getIntValue("file.image.thumb.height", 640);
if(image.getWidth()>with || image.getHeight()>height){ // if(image.getWidth()>with || image.getHeight()>height){
String path1 = GConstants.FILE_UPLOAD_DIR + // String path1 = GConstants.FILE_UPLOAD_DIR +
baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_THUMBS + GConstants.FS + basePath; // baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_THUMBS + GConstants.FS + basePath;
if (StrUtil.contains(path1,"../")||StrUtil.contains(path1, "..\\")) { // if (StrUtil.contains(path1,"../")||StrUtil.contains(path1, "..\\")) {
throw new RuntimeException("文件路径不正确"); // throw new RuntimeException("文件路径不正确");
} // }
File baseUploadThumbsDir = new File(path1); // File baseUploadThumbsDir = new File(path1);
if(!baseUploadThumbsDir.exists()){// 如果文件夹不存在则创建 // if(!baseUploadThumbsDir.exists()){// 如果文件夹不存在则创建
baseUploadThumbsDir.mkdirs(); // baseUploadThumbsDir.mkdirs();
} // }
File uploadThumbsFilePath = new File(baseUploadThumbsDir, md5); // File uploadThumbsFilePath = new File(baseUploadThumbsDir, md5);
LOG.info("缩略图文件服务器绝对路径:"+uploadThumbsFilePath); // LOG.info("缩略图文件服务器绝对路径:"+uploadThumbsFilePath);
//
Thumbnails.of(image).size(with, height) // Thumbnails.of(image).size(with, height)
.keepAspectRatio(true).outputQuality(1f) // .keepAspectRatio(true).outputQuality(1f)
.toFile(uploadThumbsFilePath); // .toFile(uploadThumbsFilePath);
// 设置缩略图地址前缀 // // 设置缩略图地址前缀
fileBean.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_THUMBS+GConstants.FS+basePath+md5); // fileBean.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_THUMBS+GConstants.FS+basePath+md5);
fileUploadEntity.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_THUMBS+GConstants.FS+basePath+md5); // fileUploadEntity.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_THUMBS+GConstants.FS+basePath+md5);
} else{ // } else{
//
fileBean.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5); // fileBean.setThumbs(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5);
fileUploadEntity.setThumbs(fileBean.getThumbs()); // fileUploadEntity.setThumbs(fileBean.getThumbs());
} // }
} // }
} // }
} // }
fileUploadEntity.setName(fileBean.getName()); // fileUploadEntity.setName(fileBean.getName());
fileUploadEntity.setModule(moduleName); // fileUploadEntity.setModule(moduleName);
fileUploadEntity.setMd5(md5); // fileUploadEntity.setMd5(md5);
fileUploadEntity.setExtesion(extesionName); // fileUploadEntity.setExtesion(extesionName);
fileUploadEntity.setPath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5); // fileUploadEntity.setPath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5);
fileUploadEntity.setAppCode(appCode); // fileUploadEntity.setAppCode(appCode);
fileUploadEntity.setWidth(fileBean.getWidth()); // fileUploadEntity.setWidth(fileBean.getWidth());
fileUploadEntity.setHeight(fileBean.getHeight()); // fileUploadEntity.setHeight(fileBean.getHeight());
fileUploadEntity.setSize(data.length); // fileUploadEntity.setSize(data.length);
fileUploadEntity.setClientip(clientip); // fileUploadEntity.setClientip(clientip);
fileUploadEntity.setSessionId(sessionId); // fileUploadEntity.setSessionId(sessionId);
fileUploadEntity.setInputName(fileBean.getInputName()); // fileUploadEntity.setInputName(fileBean.getInputName());
fileUploadEntity.setId(IdWorker.getNextId()); // fileUploadEntity.setId(IdWorker.getNextId());
// 保存文件到数据库 // // 保存文件到数据库
dao.addUploadFile(fileUploadEntity); // dao.addUploadFile(fileUploadEntity);
//
fileBean.setExtesion(extesionName); // fileBean.setExtesion(extesionName);
fileBean.setSize(data.length); // fileBean.setSize(data.length);
fileBean.setMd5(md5); // fileBean.setMd5(md5);
fileBean.setPath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5); // fileBean.setPath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5);
fileBean.setStatus(1); // fileBean.setStatus(1);
return fileBean; // return fileBean;
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
e.printStackTrace(); // e.printStackTrace();
} finally { // } finally {
IOUtils.closeQuietly(os); // IOUtils.closeQuietly(os);
IOUtils.closeQuietly(in); // IOUtils.closeQuietly(in);
IOUtils.closeQuietly(baos); // IOUtils.closeQuietly(baos);
} // }
return null; return null;
} }
/** /**
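Review bot: `addMultipartFile` and `addUploadFile` now fall straight through to `return null;`, and the method ending at `return uploadFiles;` in the first hunk returns the never-assigned null list, so callers get null with no indication that upload is disabled. Failing loudly is safer than a silent null: make the first statement of each `throw new UnsupportedOperationException("file upload is disabled");`, or return `new ArrayList<UploadFileBean>()` from the two list-returning methods if callers iterate the result. Both visible signatures keep `@Transactional(readOnly = false)` on bodies that no longer touch the database, which can be removed along with the commented code. The first method's signature is outside the hunk.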
......
...@@ -715,47 +715,47 @@ public class AirlineVerifyController { ...@@ -715,47 +715,47 @@ public class AirlineVerifyController {
} }
sb.append("</tbody></table>"); // sb.append("</tbody></table>");
//
UploadFileBean uploadFileBean = Html2File.convertHtml2Word(sb.toString()); // UploadFileBean uploadFileBean = Html2File.convertHtml2Word(sb.toString());
if (StrUtil.contains(uploadFileBean.getPath(), "../")||StrUtil.contains(uploadFileBean.getPath(), "..\\")) { // if (StrUtil.contains(uploadFileBean.getPath(), "../")||StrUtil.contains(uploadFileBean.getPath(), "..\\")) {
throw new RuntimeException("文件名包含非法字符"); // throw new RuntimeException("文件名包含非法字符");
} // }
InputStream in = null; // InputStream in = null;
OutputStream out = null; // OutputStream out = null;
try { // try {
//
//设置文件MIME类型 // //设置文件MIME类型
response.setContentType("application/form-data;charset=utf-8"); // response.setContentType("application/form-data;charset=utf-8");
String filename = name + ".doc"; // String filename = name + ".doc";
String downloadFileName = new String(filename.getBytes("gbk"), "ISO8859-1"); // String downloadFileName = new String(filename.getBytes("gbk"), "ISO8859-1");
String agent = (String) request.getHeader("USER-AGENT"); // String agent = (String) request.getHeader("USER-AGENT");
if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) { // if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) {
downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(filename.getBytes("UTF-8")))) + "?="; // downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(filename.getBytes("UTF-8")))) + "?=";
} // }
//设置Content-Disposition // //设置Content-Disposition
response.setHeader("Content-Disposition", "attachment; filename=" + downloadFileName); // response.setHeader("Content-Disposition", "attachment; filename=" + downloadFileName);
//获取目标文件的绝对路径 // //获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR + uploadFileBean.getPath(); // String fullFileName = GConstants.FILE_UPLOAD_DIR + uploadFileBean.getPath();
if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")){ // if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")){
throw new RuntimeException("文件名包含非法字符"); // throw new RuntimeException("文件名包含非法字符");
//
} // }
//读取文件 // //读取文件
in = new FileInputStream(fullFileName); // in = new FileInputStream(fullFileName);
out = response.getOutputStream(); // out = response.getOutputStream();
//
//写文件 // //写文件
int b; // int b;
while ((b = in.read()) != -1) { // while ((b = in.read()) != -1) {
out.write(b); // out.write(b);
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
} finally { // } finally {
IOUtils.closeQuietly(in); // IOUtils.closeQuietly(in);
IOUtils.closeQuietly(out); // IOUtils.closeQuietly(out);
} // }
} }
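Review bot: With the whole download block commented out, this handler now returns without writing a body or setting a status, so the client presumably receives an empty 200 response for the Word export. If the export is disabled on purpose, say so in the response, e.g. `response.setStatus(HttpServletResponse.SC_NOT_IMPLEMENTED);` (assuming `response` is an `HttpServletResponse`, as the commented `setHeader`/`getOutputStream` calls suggest). The table-building code above the hunk still runs but its result in `sb` is no longer used, because `sb.append("</tbody></table>")` and the `Html2File.convertHtml2Word` call are commented out too. The method starts outside the hunk, so its return type and remaining callers are not visible here.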
......