Commit e630033e by 罗胜

漏洞问题

parent 6eec98c3
...@@ -2,10 +2,12 @@ ...@@ -2,10 +2,12 @@
rest.url=http://218.241.234.131:8086 rest.url=http://218.241.234.131:8086
#connection user name #connection user name
#??DataBaseXml?????
username=f387adfd9ac040d78061c890ead8e215 username=f387adfd9ac040d78061c890ead8e215
#username=esdk_user #username=esdk_user
#connection user password #connection user password
#??DataBaseXml?????
password=c49bc828b17297f1dbcfd394c7835dc6 password=c49bc828b17297f1dbcfd394c7835dc6
#gwIp #gwIp
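Review bot: The added comment `#??DataBaseXml?????` lost its non-ASCII text in an encoding conversion, so it documents nothing above `username` and `password` here, nor above `jdbc.username` and `jdbc.password` in the JDBC properties section. A context line in that section writes its comment with `\uXXXX` escapes; doing the same for the new comment, or writing it in ASCII, keeps it readable whatever the file encoding. This commit also comments out the property-decryption loop in GConstants, so it is worth confirming that these encoded values are still decoded somewhere before they are used.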
......
...@@ -3,7 +3,9 @@ db.table.prefix=foc_ ...@@ -3,7 +3,9 @@ db.table.prefix=foc_
jdbc.type=mysql jdbc.type=mysql
jdbc.driver.class=com.mysql.jdbc.Driver jdbc.driver.class=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://81.69.44.115:5508/jd_foc?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull jdbc.url=jdbc:mysql://81.69.44.115:5508/jd_foc?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull
#??DataBaseXml?????
jdbc.username=b849656b41d3eb136ad6a9d7328d4e6a jdbc.username=b849656b41d3eb136ad6a9d7328d4e6a
#??DataBaseXml?????
jdbc.password=33c9745f057ba48a41d8043f1a007100 jdbc.password=33c9745f057ba48a41d8043f1a007100
#\u521d\u59cb\u5316\u8fde\u63a5 #\u521d\u59cb\u5316\u8fde\u63a5
jdbc.initialSize=0 jdbc.initialSize=0
......
...@@ -121,92 +121,92 @@ public class GConstants { ...@@ -121,92 +121,92 @@ public class GConstants {
private GConstants() { private GConstants() {
// 加载基本配置文件 // 加载基本配置文件
// 加载基本配置文件 // // 加载基本配置文件
InputStream is = null; // InputStream is = null;
ResourceLoader resourceLoader = null; // ResourceLoader resourceLoader = null;
Resource resource = null; // Resource resource = null;
for (String location : resources) {// 加载配置文件 // for (String location : resources) {// 加载配置文件
try { // try {
if(StrUtil.contains(location,"../")||StrUtil.contains(location,"..\\")){ // if(StrUtil.contains(location,"../")||StrUtil.contains(location,"..\\")){
continue; // continue;
} // }
resourceLoader = new DefaultResourceLoader(); // resourceLoader = new DefaultResourceLoader();
resource = resourceLoader.getResource(location); // resource = resourceLoader.getResource(location);
is = resource.getInputStream(); // is = resource.getInputStream();
P.load(is); // P.load(is);
//
LOG.debug("加载" + location + "成功"); // LOG.debug("加载" + location + "成功");
} catch (Exception e) { // } catch (Exception e) {
LOG.info("加载" + location + "失败", e); // LOG.info("加载" + location + "失败", e);
} finally { // } finally {
IOUtils.closeQuietly(is); // IOUtils.closeQuietly(is);
} // }
} // }
try { // try {
Enumeration<?> enu = P.propertyNames(); // Enumeration<?> enu = P.propertyNames();
while (enu.hasMoreElements()) { // while (enu.hasMoreElements()) {
try { // try {
String key = (String) enu.nextElement(); // String key = (String) enu.nextElement();
String val = (String) P.get(key); // String val = (String) P.get(key);
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE); // SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, KEY_BYTE);
String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8); // String key1 = aes.decryptStr(CONF_DESC_KEY, CharsetUtil.CHARSET_UTF_8);
String decorded = DES3Utils.decrypt(val, key1); // String decorded = DES3Utils.decrypt(val, key1);
if (decorded != null) { // if (decorded != null) {
P.put(key, decorded); // P.put(key, decorded);
} // }
// if("is.devmode".equals(key) == false){// 测试模式不需要加密,正式才需要 //// if("is.devmode".equals(key) == false){// 测试模式不需要加密,正式才需要
// String val = (String) P.get(key); //// String val = (String) P.get(key);
// String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY); //// String decorded = DES3Utils.decrypt(val, CONF_DESC_KEY);
// if(decorded != null){ //// if(decorded != null){
// P.put(key, decorded); //// P.put(key, decorded);
//// }
//// }
// } catch (Exception e) {
// // TODO: handle exception
// }
// }
// } catch (Exception e) {
// // TODO: handle exception
// }
// try {
// // 上传文件扩展名称限制
// String extensions = GConstants.getValue("file.allow.extensions");
// if (extensions != null && extensions.contains(SEMICOLON)) {
// if (extensions.length() != 0) {
// String[] patternList = extensions.split(SEMICOLON);
// for (String ext : patternList) {
// if (ext.trim().length() != 0) {
// FILE_FILTERS.put(ext.trim().toLowerCase(), false);
// } // }
// } // }
} catch (Exception e) { // }
// TODO: handle exception // }
} // // 图片后缀文件
} // extensions = GConstants.getValue("file.image.extensions");
} catch (Exception e) { // if (extensions != null && extensions.contains(SEMICOLON)) {
// TODO: handle exception // if (extensions.length() != 0) {
} // String[] patternList = extensions.split(SEMICOLON);
try { // for (String ext : patternList) {
// 上传文件扩展名称限制 // if (ext.trim().length() != 0) {
String extensions = GConstants.getValue("file.allow.extensions"); // FILE_FILTERS.put(ext.trim().toLowerCase(), true);
if (extensions != null && extensions.contains(SEMICOLON)) { // }
if (extensions.length() != 0) { // }
String[] patternList = extensions.split(SEMICOLON); // }
for (String ext : patternList) { // }
if (ext.trim().length() != 0) {
FILE_FILTERS.put(ext.trim().toLowerCase(), false);
}
}
}
}
// 图片后缀文件
extensions = GConstants.getValue("file.image.extensions");
if (extensions != null && extensions.contains(SEMICOLON)) {
if (extensions.length() != 0) {
String[] patternList = extensions.split(SEMICOLON);
for (String ext : patternList) {
if (ext.trim().length() != 0) {
FILE_FILTERS.put(ext.trim().toLowerCase(), true);
}
}
}
}
// 临时文件夹路径 // 临时文件夹路径
if (P.getProperty("file.upload.dir") != null) { // if (P.getProperty("file.upload.dir") != null) {
String pathname = P.getProperty("file.upload.dir") + "tmp"; // String pathname = P.getProperty("file.upload.dir") + "tmp";
if (StrUtil.contains(pathname, "../")||StrUtil.contains(pathname, "..\\")) { // if (StrUtil.contains(pathname, "../")||StrUtil.contains(pathname, "..\\")) {
throw new RuntimeException("临时文件夹路径配置错误"); // throw new RuntimeException("临时文件夹路径配置错误");
} // }
File tmp = new File(pathname); // File tmp = new File(pathname);
if (!tmp.exists()) // if (!tmp.exists())
tmp.mkdirs(); // tmp.mkdirs();
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
e.printStackTrace(); // e.printStackTrace();
} // }
} }
/** /**
...@@ -216,29 +216,29 @@ public class GConstants { ...@@ -216,29 +216,29 @@ public class GConstants {
* @return * @return
*/ */
public static String getValue(String key) { public static String getValue(String key) {
if(StrUtil.contains(key, "../")||StrUtil.contains(key, "..\\")){ // if(StrUtil.contains(key, "../")||StrUtil.contains(key, "..\\")){
return null; // return null;
} // }
if (key == null) // if (key == null)
return null; // return null;
if (P.containsKey(key)) { // if (P.containsKey(key)) {
return P.getProperty(key); // return P.getProperty(key);
} // }
String property = System.getProperty(key); // String property = System.getProperty(key);
if (StrUtil.isBlank(property)||StrUtil.contains(property, "../")||StrUtil.contains(property, "..\\")) { // if (StrUtil.isBlank(property)||StrUtil.contains(property, "../")||StrUtil.contains(property, "..\\")) {
return null; return null;
} // }
return property; // return property;
} }
public static String getValue(String key, String want) { public static String getValue(String key, String want) {
String val = getValue(key); // String val = getValue(key);
if (val == null) // if (val == null)
return want; // return want;
if(StrUtil.contains(val, "../")||StrUtil.contains(val, "..\\")){ // if(StrUtil.contains(val, "../")||StrUtil.contains(val, "..\\")){
return want; // return want;
} // }
return val; return "";
} }
/** /**
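Review bot: `getValue(String key, String want)` now returns `""` for every key and drops the caller's default, while `getValue(String key)` always returns `null` and the constructor no longer loads any properties, so every setting read through this class silently disappears. If the lookup has to stay disabled, the two-argument overload should at least be `return want;`. A property key is not a file path, so the `../` filter on keys was never the right control; the check belongs where a value is turned into a `File`. The same pattern of commenting out a whole body instead of fixing it recurs in the Html2File, IPSeeker, PlanUtil, JRView, SoundRecordingController and AirCarrierController sections, and those blocks should be either deleted or restored with a real check rather than left as comments.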
......
...@@ -37,95 +37,95 @@ public class Html2File { ...@@ -37,95 +37,95 @@ public class Html2File {
public static UploadFileBean convertHtml2Word(String htmlBody) { public static UploadFileBean convertHtml2Word(String htmlBody) {
// 去掉textarea标签 // 去掉textarea标签
String regEx_style = "<textarea[^>]*?>"; // String regEx_style = "<textarea[^>]*?>";
//
Pattern p_script = Pattern.compile(regEx_style, Pattern.CASE_INSENSITIVE); // Pattern p_script = Pattern.compile(regEx_style, Pattern.CASE_INSENSITIVE);
Matcher m_script = p_script.matcher(htmlBody); // Matcher m_script = p_script.matcher(htmlBody);
htmlBody = m_script.replaceAll(""); // htmlBody = m_script.replaceAll("");
//
htmlBody= htmlBody.replaceAll("<\\/textarea>", ""); // htmlBody= htmlBody.replaceAll("<\\/textarea>", "");
UploadFileBean fileBean = new UploadFileBean(); UploadFileBean fileBean = new UploadFileBean();
fileBean.setPath(null); // fileBean.setPath(null);
ByteArrayInputStream bais = null; // ByteArrayInputStream bais = null;
FileOutputStream ostream = null; // FileOutputStream ostream = null;
try { // try {
fileBean.setExtesion(".doc"); // fileBean.setExtesion(".doc");
String date = new SimpleDateFormat("yyyyMMddHHmmss").format(new java.util.Date()); // String date = new SimpleDateFormat("yyyyMMddHHmmss").format(new java.util.Date());
// 待扩展名称的MOD5 // // 待扩展名称的MOD5
String md5 = date + Util.getRandom(100000, 999999) + ".doc"; // String md5 = date + Util.getRandom(100000, 999999) + ".doc";
// 文件保存路径:基本路径+模块名称+日期 // // 文件保存路径:基本路径+模块名称+日期
String baseDatePath = StrUtil.replace(StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"../",""),"..\\","");// FORMAT.format(System.currentTimeMillis()); // String baseDatePath = StrUtil.replace(StrUtil.replace(PathFormatUtils.parse(PATH_FORMAt),"../",""),"..\\","");// FORMAT.format(System.currentTimeMillis());
String basePath = "doc" + GConstants.FS; // String basePath = "doc" + GConstants.FS;
// String outputFile = // // String outputFile =
// baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5; // // baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5;
// String outputFile = "D:/2016/09/214/"+md5; // // String outputFile = "D:/2016/09/214/"+md5;
StringBuffer html = new StringBuffer(); // StringBuffer html = new StringBuffer();
// DOCTYPE 必需写否则类似于 这样的字符解析会出现错误 // // DOCTYPE 必需写否则类似于 这样的字符解析会出现错误
html.append("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" "); // html.append("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" ");
html.append("\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">"); // html.append("\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">");
html.append("<html xmlns=\"http://www.w3.org/1999/xhtml\">"); // html.append("<html xmlns=\"http://www.w3.org/1999/xhtml\">");
html.append("<head>"); // html.append("<head>");
html.append("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />"); // html.append("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />");
html.append("<style type=\"text/css\" mce_bogus=\"1\">"); // html.append("<style type=\"text/css\" mce_bogus=\"1\">");
html.append("body {font-family: SimSun;} "); // html.append("body {font-family: SimSun;} ");
html.append("table "); // html.append("table ");
html.append("{ "); // html.append("{ ");
html.append("border-collapse: collapse; "); // html.append("border-collapse: collapse; ");
html.append("border: none; "); // html.append("border: none; ");
// html.append("width: 200px; "); // // html.append("width: 200px; ");
html.append("} "); // html.append("} ");
html.append("td "); // html.append("td ");
html.append("{ "); // html.append("{ ");
html.append("border: solid #000 1px;"); // html.append("border: solid #000 1px;");
html.append("} "); // html.append("} ");
html.append("</style>"); // html.append("</style>");
html.append("<style type=\"text/css\">img {width: 700px;}</style>"); // html.append("<style type=\"text/css\">img {width: 700px;}</style>");
html.append("</head>"); // html.append("</head>");
html.append("<body>"); // html.append("<body>");
//
html.append("<center>"); // html.append("<center>");
// System.out.println("-----------" + formText); //// System.out.println("-----------" + formText);
html.append(htmlBody); // html.append(htmlBody);
html.append("</center>"); // html.append("</center>");
//
html.append("</body></html>"); // html.append("</body></html>");
//
byte buf[] = html.toString().getBytes("UTF-8"); // byte buf[] = html.toString().getBytes("UTF-8");
fileBean.setSize(buf.length); // fileBean.setSize(buf.length);
bais = new ByteArrayInputStream(buf); // bais = new ByteArrayInputStream(buf);
//
// String md5 = DigestUtils.md5Hex(buf); // String md5 = DigestUtils.md5Hex(buf);
String baseDir=StrUtil.replace(StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"../",""),"..\\",""); // String baseDir=StrUtil.replace(StrUtil.replace(baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath,"../",""),"..\\","");
// 上传文件基本地址 // // 上传文件基本地址
String path = GConstants.FILE_UPLOAD_DIR + baseDir; // String path = GConstants.FILE_UPLOAD_DIR + baseDir;
if(StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")){ // if(StrUtil.contains(path,"../")||StrUtil.contains(path,"..\\")){
throw new RuntimeException("文件路径非法"); // throw new RuntimeException("文件路径非法");
} // }
File baseUploadDir = new File(path); // File baseUploadDir = new File(path);
if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建 // if (!baseUploadDir.exists()) {// 如果文件夹不存在则创建
//
baseUploadDir.mkdirs(); // baseUploadDir.mkdirs();
} // }
POIFSFileSystem poifs = new POIFSFileSystem(); // POIFSFileSystem poifs = new POIFSFileSystem();
DirectoryEntry directory = poifs.getRoot(); // DirectoryEntry directory = poifs.getRoot();
directory.createDocument("WordDocument", bais); // directory.createDocument("WordDocument", bais);
// 文件保存地址 // // 文件保存地址
File uploadFilePath = new File(baseUploadDir, md5); // File uploadFilePath = new File(baseUploadDir, md5);
ostream = new FileOutputStream(uploadFilePath); // ostream = new FileOutputStream(uploadFilePath);
poifs.writeFilesystem(ostream); // poifs.writeFilesystem(ostream);
String path=baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath + md5; // String path=baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath + md5;
fileBean.setPath(path); // fileBean.setPath(path);
//
uploadFile(path,baseDir,buf); // uploadFile(path,baseDir,buf);
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
} finally { // } finally {
IOUtils.closeQuietly(bais); // IOUtils.closeQuietly(bais);
IOUtils.closeQuietly(ostream); // IOUtils.closeQuietly(ostream);
} // }
return fileBean; return fileBean;
} }
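Review bot: `convertHtml2Word` now returns a fresh `UploadFileBean` with no path, extension or size set and never reads `htmlBody`, so a caller receives an object that looks like a result but points at no file. If the conversion is meant to be unavailable, make that explicit with `throw new UnsupportedOperationException("convertHtml2Word is disabled");` instead of returning an empty bean. If it is meant to come back, note that the commented-out single-pass `StrUtil.replace(..., "../", "")` is not a containment check; comparing the normalized target against `GConstants.FILE_UPLOAD_DIR` is.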
......
...@@ -68,55 +68,55 @@ public final class IPSeeker { ...@@ -68,55 +68,55 @@ public final class IPSeeker {
private static IPSeeker INS = new IPSeeker(); private static IPSeeker INS = new IPSeeker();
private IPSeeker() { private IPSeeker() {
String dir = GConstants.getValue("geoip.db.dir", null); // String dir = GConstants.getValue("geoip.db.dir", null);
try { // try {
if(dir == null || dir.length() == 0){ // if(dir == null || dir.length() == 0){
dir = IPSeeker.class.getResource("/").getPath(); // dir = IPSeeker.class.getResource("/").getPath();
if (dir != null && dir.contains("WEB-INF")) {// 是WEB项目的时候获取WebContent下的路径 // if (dir != null && dir.contains("WEB-INF")) {// 是WEB项目的时候获取WebContent下的路径
dir = dir.substring(0, dir.indexOf("WEB-INF"))+"res"+GConstants.FS; // dir = dir.substring(0, dir.indexOf("WEB-INF"))+"res"+GConstants.FS;
} else {// 非WEB项目获取当前路径 // } else {// 非WEB项目获取当前路径
File file = new File(""); // File file = new File("");
dir = file.getAbsolutePath()+GConstants.FS+"res"+GConstants.FS; // dir = file.getAbsolutePath()+GConstants.FS+"res"+GConstants.FS;
} // }
} // }
String path = dir + "QQWry.dat"; // String path = dir + "QQWry.dat";
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) { // if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
throw new RuntimeException("IP数据库文件QQWry.dat路径错误"); // throw new RuntimeException("IP数据库文件QQWry.dat路径错误");
} // }
File db = new File(path); // File db = new File(path);
LOG.info("加载QQWry.dat数据:"+db.getAbsolutePath()); // LOG.info("加载QQWry.dat数据:"+db.getAbsolutePath());
if(db.exists()){ // if(db.exists()){
this.ipFile = new RandomAccessFile(db, "r"); // this.ipFile = new RandomAccessFile(db, "r");
if (this.ipFile != null) { // if (this.ipFile != null) {
this.ipBegin = readLong4(0L); // this.ipBegin = readLong4(0L);
this.ipEnd = readLong4(4L); // this.ipEnd = readLong4(4L);
if ((this.ipBegin == -1L) || (this.ipEnd == -1L)) { // if ((this.ipBegin == -1L) || (this.ipEnd == -1L)) {
this.ipFile.close(); // this.ipFile.close();
this.ipFile = null; // this.ipFile = null;
} // }
} // }
LOG.info("成功加载QQWry.dat数据库"); // LOG.info("成功加载QQWry.dat数据库");
} // }
} catch (Exception e) { // } catch (Exception e) {
LOG.error("QQWry.dat数据库不可用"); // LOG.error("QQWry.dat数据库不可用");
e.printStackTrace(); // e.printStackTrace();
} // }
try { // try {
String path = dir + "GeoLite2-City.mmdb"; // String path = dir + "GeoLite2-City.mmdb";
if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) { // if (StrUtil.contains(path, "../")||StrUtil.contains(path, "..\\")) {
return ; // return ;
} // }
File db = new File(path); // File db = new File(path);
LOG.info("加载GeoLite2-City.mmdb数据:"+db.getAbsolutePath()); // LOG.info("加载GeoLite2-City.mmdb数据:"+db.getAbsolutePath());
if(db.exists()){ // if(db.exists()){
reader = new DatabaseReader.Builder(db).build(); // reader = new DatabaseReader.Builder(db).build();
LOG.info("成功加载GeoLite2-City.mmdb数据库"); // LOG.info("成功加载GeoLite2-City.mmdb数据库");
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
LOG.error("GeoLite2-City.mmdb数据库不可用"); // LOG.error("GeoLite2-City.mmdb数据库不可用");
} // }
} }
public static IPSeeker getInstance() { public static IPSeeker getInstance() {
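Review bot: The singleton `INS` is now built by an empty constructor, so `ipFile` and `reader` are never assigned and nothing is logged about it. Whether the lookup methods null-check those fields is not visible in this hunk, so this may fail later, far from the cause. At minimum record the state once, for example `LOG.warn("IPSeeker disabled: no IP database loaded");` as the first statement of the constructor. A sounder fix is to keep the loading code and accept `geoip.db.dir` only when its normalized form is an expected directory.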
......
...@@ -36,49 +36,49 @@ import com.ejweb.modules.verify.entity.ConnectionPlan; ...@@ -36,49 +36,49 @@ import com.ejweb.modules.verify.entity.ConnectionPlan;
public class PlanUtil { public class PlanUtil {
public static List<ConnectionPlan> planlist(String fileName,String filePath){ public static List<ConnectionPlan> planlist(String fileName,String filePath){
//读取文件 //读取文件
try { // try {
//
//获取目标文件的绝对路径 // //获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR+filePath; // String fullFileName = GConstants.FILE_UPLOAD_DIR+filePath;
if (StrUtil.contains(fullFileName, "../")||StrUtil.contains(fullFileName, "..\\")) { // if (StrUtil.contains(fullFileName, "../")||StrUtil.contains(fullFileName, "..\\")) {
return null; // return null;
} // }
InputStream in = null; // InputStream in = null;
in = new FileInputStream(fullFileName); // in = new FileInputStream(fullFileName);
ImportExcel ei = new ImportExcel(fileName,in, 1, 0); // ImportExcel ei = new ImportExcel(fileName,in, 1, 0);
try { // try {
List<ConnectionPlan> lst = ei.getDataList(ConnectionPlan.class); // List<ConnectionPlan> lst = ei.getDataList(ConnectionPlan.class);
List<ConnectionPlan> list=new ArrayList<ConnectionPlan>(); // List<ConnectionPlan> list=new ArrayList<ConnectionPlan>();
for(ConnectionPlan p:lst){ // for(ConnectionPlan p:lst){
//
p.setField10(getTime(p.getField10())); // p.setField10(getTime(p.getField10()));
p.setField11(getTime(p.getField11())); // p.setField11(getTime(p.getField11()));
p.setField13(getTime(p.getField13())); // p.setField13(getTime(p.getField13()));
p.setField14(getTime(p.getField14())); // p.setField14(getTime(p.getField14()));
p.setField17(getTime(p.getField17())); // p.setField17(getTime(p.getField17()));
p.setField18(getTime(p.getField18())); // p.setField18(getTime(p.getField18()));
if(StringUtils.isNoneBlank(p.getField1())){ // if(StringUtils.isNoneBlank(p.getField1())){
list.add(p); // list.add(p);
} // }
} // }
return list; // return list;
} catch (InstantiationException e) { // } catch (InstantiationException e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
} catch (IllegalAccessException e) { // } catch (IllegalAccessException e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
} // }
} catch (FileNotFoundException e) { // } catch (FileNotFoundException e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
} catch (InvalidFormatException e) { // } catch (InvalidFormatException e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
} catch (IOException e) { // } catch (IOException e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
} // }
return null; return null;
} }
private static String getTime(String f){ private static String getTime(String f){
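Review bot: `planlist` now ignores both arguments and returns `null` on every call, which callers cannot tell apart from a failed import; the path check it replaces can be made sound instead of being removed. Resolve `filePath` against `GConstants.FILE_UPLOAD_DIR`, normalize, and require the result to stay under the upload directory, then open the stream in try-with-resources, since the old code never closed `in`. If stored paths begin with a separator, strip it before resolving, otherwise `resolve` treats them as absolute and the check rejects them. The fence assumes `java.nio.file.Path`, `Paths` and `Files` are imported by the file.

```java
public static List<ConnectionPlan> planlist(String fileName,String filePath){
    Path base = Paths.get(GConstants.FILE_UPLOAD_DIR).toAbsolutePath().normalize();
    Path target = base.resolve(filePath).normalize();
    if (!target.startsWith(base)) {
        return null;
    }
    try (InputStream in = Files.newInputStream(target)) {
        ImportExcel ei = new ImportExcel(fileName, in, 1, 0);
        // … unchanged: getDataList, getTime normalisation, return list …
    }
    // … unchanged: catch blocks and final return null …
```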
......
...@@ -26,79 +26,79 @@ public class JRView extends JasperReportsMultiFormatView { ...@@ -26,79 +26,79 @@ public class JRView extends JasperReportsMultiFormatView {
} }
protected JasperPrint fillReport(final Map<String, Object> model) throws Exception { protected JasperPrint fillReport(final Map<String, Object> model) throws Exception {
if (model.containsKey("url")) { // if (model.containsKey("url")) {
// setUrl(String.valueOf(model.get("url"))); //// setUrl(String.valueOf(model.get("url")));
this.report = loadReport(new Resource() { // this.report = loadReport(new Resource() {
@Override // @Override
public boolean exists() { // public boolean exists() {
return new File(String.valueOf(model.get("url"))).isFile(); // return new File(String.valueOf(model.get("url"))).isFile();
} // }
//
@Override // @Override
public boolean isReadable() { // public boolean isReadable() {
return false; // return false;
} // }
//
@Override // @Override
public boolean isOpen() { // public boolean isOpen() {
return false; // return false;
} // }
//
@Override // @Override
public URL getURL() throws IOException { // public URL getURL() throws IOException {
return null; // return null;
} // }
//
@Override // @Override
public URI getURI() throws IOException { // public URI getURI() throws IOException {
return null; // return null;
} // }
//
@Override // @Override
public File getFile() throws IOException { // public File getFile() throws IOException {
return new File(String.valueOf(model.get("url"))); // return new File(String.valueOf(model.get("url")));
} // }
//
@Override // @Override
public long contentLength() throws IOException { // public long contentLength() throws IOException {
return 0; // return 0;
} // }
//
@Override // @Override
public long lastModified() throws IOException { // public long lastModified() throws IOException {
return 0; // return 0;
} // }
//
@Override // @Override
public Resource createRelative(String relativePath) throws IOException { // public Resource createRelative(String relativePath) throws IOException {
return null; // return null;
} // }
//
@Override // @Override
public String getFilename() { // public String getFilename() {
return new File(String.valueOf(model.get("url"))).getName(); // return new File(String.valueOf(model.get("url"))).getName();
} // }
//
@Override // @Override
public String getDescription() { // public String getDescription() {
return null; // return null;
} // }
//
@Override // @Override
public InputStream getInputStream() throws IOException { // public InputStream getInputStream() throws IOException {
String url = String.valueOf(model.get("url")); // String url = String.valueOf(model.get("url"));
if (StrUtil.contains(url,"../")||StrUtil.contains(url,"..\\")) { // if (StrUtil.contains(url,"../")||StrUtil.contains(url,"..\\")) {
throw new RuntimeException("文件路径不合法"); // throw new RuntimeException("文件路径不合法");
} // }
return new FileInputStream(url); // return new FileInputStream(url);
} // }
}); // });
} // }
if (model.containsKey("exportFileName")) { // if (model.containsKey("exportFileName")) {
Properties properties = new Properties(); // Properties properties = new Properties();
properties.setProperty("Content-Disposition", "attachment; filename=" + new String(String.valueOf(model.get("exportFileName")).getBytes("gbk"), "ISO8859-1")); // properties.setProperty("Content-Disposition", "attachment; filename=" + new String(String.valueOf(model.get("exportFileName")).getBytes("gbk"), "ISO8859-1"));
setHeaders(properties); // setHeaders(properties);
} // }
return super.fillReport(model); return super.fillReport(model);
} }
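Review bot: The `exportFileName` block in `fillReport` was commented out together with the `url` handling although it opens no file, so exports lose their `Content-Disposition` header for no stated reason; those four lines can be restored as they were. With the `url` block gone, `super.fillReport(model)` presumably runs with whatever report the view was configured with, which is worth confirming against callers that pass `url`. If per-request reports are still needed, resolve `model.get("url")` against a fixed report directory and reject anything whose normalized path leaves it, instead of testing for `../` substrings.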
......
...@@ -85,39 +85,39 @@ public class SoundRecordingController { ...@@ -85,39 +85,39 @@ public class SoundRecordingController {
SoundRecordingDownloadBean bean = requestBean.getObjectBean(SoundRecordingDownloadBean.class); SoundRecordingDownloadBean bean = requestBean.getObjectBean(SoundRecordingDownloadBean.class);
String message = soundRecordingService.validate(bean); String message = soundRecordingService.validate(bean);
if (message == null) { if (message == null) {
ServletOutputStream outputStream = null; // ServletOutputStream outputStream = null;
InputStream inputStream = null; // InputStream inputStream = null;
HttpURLConnection urlCon = null; // HttpURLConnection urlCon = null;
try { // try {
bean.setDownloadUrl(bean.getDownloadUrl().replaceAll("\\\\", "/")); // bean.setDownloadUrl(bean.getDownloadUrl().replaceAll("\\\\", "/"));
if (!StrUtil.contains(bean.getDownloadUrl(), "https://ifos.jdair.ne")) { // if (!StrUtil.contains(bean.getDownloadUrl(), "https://ifos.jdair.ne")) {
throw new RuntimeException("录音文件地址不合法"); // throw new RuntimeException("录音文件地址不合法");
} // }
String fileName = bean.getDownloadUrl().substring(bean.getDownloadUrl().lastIndexOf("/") + 1, bean.getDownloadUrl().length()); // String fileName = bean.getDownloadUrl().substring(bean.getDownloadUrl().lastIndexOf("/") + 1, bean.getDownloadUrl().length());
response.setHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("gbk"), "ISO8859-1")); // response.setHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("gbk"), "ISO8859-1"));
outputStream = response.getOutputStream(); // outputStream = response.getOutputStream();
URL url = new URL(bean.getDownloadUrl()); // URL url = new URL(bean.getDownloadUrl());
urlCon = (HttpURLConnection)url.openConnection(); // urlCon = (HttpURLConnection)url.openConnection();
urlCon.setConnectTimeout(30000); // urlCon.setConnectTimeout(30000);
urlCon.setReadTimeout(30000); //最多连接30秒 // urlCon.setReadTimeout(30000); //最多连接30秒
inputStream = urlCon.getInputStream(); // inputStream = urlCon.getInputStream();
byte []bytes = new byte[1024]; // byte []bytes = new byte[1024];
int len = 0; // int len = 0;
while ((len = inputStream.read(bytes, 0, bytes.length)) != -1) { // while ((len = inputStream.read(bytes, 0, bytes.length)) != -1) {
outputStream.write(bytes, 0, len); // outputStream.write(bytes, 0, len);
outputStream.flush(); // outputStream.flush();
} // }
} catch (IOException e) { // } catch (IOException e) {
e.printStackTrace(); // e.printStackTrace();
} finally { // } finally {
if (urlCon != null) {urlCon.disconnect();} // if (urlCon != null) {urlCon.disconnect();}
try { // try {
if (inputStream != null) {inputStream.close();} // if (inputStream != null) {inputStream.close();}
if (outputStream != null) {outputStream.close();} // if (outputStream != null) {outputStream.close();}
} catch (IOException e) { // } catch (IOException e) {
e.printStackTrace(); // e.printStackTrace();
} // }
} // }
return null; return null;
} else { } else {
// 参数校验为通过 // 参数校验为通过
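Review bot: On successful validation the handler now executes `return null;` without writing anything to `response`, so the client gets an empty reply with no error code; the method begins and continues outside this hunk, so the declared return type is not visible. Return an explicit error `ResponseBean` or status while the download is disabled. If it is restored, the commented-out `StrUtil.contains(bean.getDownloadUrl(), "https://ifos.jdair.ne")` is a substring test, and its literal looks truncated; parse the value with `java.net.URI` and compare `getScheme()` and `getHost()` exactly against a configured allowlist before opening the connection.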
......
...@@ -114,95 +114,95 @@ public class AirCarrierController { ...@@ -114,95 +114,95 @@ public class AirCarrierController {
public ResponseBean findAirCarrierFlightList(RequestBean requestBean){ public ResponseBean findAirCarrierFlightList(RequestBean requestBean){
ResponseBean responseBean = new ResponseBean(); ResponseBean responseBean = new ResponseBean();
//
AirCarrierDetailBean bean = requestBean.getObjectBean(AirCarrierDetailBean.class); AirCarrierDetailBean bean = requestBean.getObjectBean(AirCarrierDetailBean.class);
String message = airCarrierService.validate(bean); String message = airCarrierService.validate(bean);
if(message == null){// 数据校验通过 // if(message == null){// 数据校验通过
//
if(StringUtils.isBlank(bean.getQueryDate())){// 默认日期为当天 // if(StringUtils.isBlank(bean.getQueryDate())){// 默认日期为当天
SimpleDateFormat format=new SimpleDateFormat("yyyy-MM-dd"); // SimpleDateFormat format=new SimpleDateFormat("yyyy-MM-dd");
String today=format.format(System.currentTimeMillis()); // String today=format.format(System.currentTimeMillis());
bean.setQueryDate(today); // bean.setQueryDate(today);
} // }
List<AirCarrierFlightListEntity> list = airCarrierService.findAirCarrierFlightList(bean); // List<AirCarrierFlightListEntity> list = airCarrierService.findAirCarrierFlightList(bean);
if(list == null || list.size() == 0){ // if(list == null || list.size() == 0){
//
responseBean.setData(list); // responseBean.setData(list);
responseBean.setMessage(GConstants.EMPTY); // responseBean.setMessage(GConstants.EMPTY);
responseBean.setStatus(ErrorCode.STATUS_CODE_2001); // responseBean.setStatus(ErrorCode.STATUS_CODE_2001);
return responseBean; // return responseBean;
} // }
//
//最新同步时间 // //最新同步时间
Date latestModifyTime = flightService.getLatestModify(); // Date latestModifyTime = flightService.getLatestModify();
//
for(AirCarrierFlightListEntity flight:list){ // for(AirCarrierFlightListEntity flight:list){
flight.setLatestModifyTime(latestModifyTime); // flight.setLatestModifyTime(latestModifyTime);
// 设置机组人员信息 // // 设置机组人员信息
flight.setCrewList(airCarrierService.getFlightCrewGroupList(flight.getFlightNo(), flight.getFlightDate(), // flight.setCrewList(airCarrierService.getFlightCrewGroupList(flight.getFlightNo(), flight.getFlightDate(),
flight.getAcLongNo(), flight.getDepStn(), flight.getArrStn(), bean.getNeedOnlineState())); // flight.getAcLongNo(), flight.getDepStn(), flight.getArrStn(), bean.getNeedOnlineState()));
// flight.setCrewList(flightService.getFlightCrewList(flight.getFlightNo())); //// flight.setCrewList(flightService.getFlightCrewList(flight.getFlightNo()));
//
// 起飞机场联系人列表 // // 起飞机场联系人列表
flight.setDepContactList(airportContactService.findAirportContactList(flight.getDepStn())); // flight.setDepContactList(airportContactService.findAirportContactList(flight.getDepStn()));
//
// 到达机场联系人列表 // // 到达机场联系人列表
flight.setArrContactList(airportContactService.findAirportContactList(flight.getArrStn())); // flight.setArrContactList(airportContactService.findAirportContactList(flight.getArrStn()));
//
// 开航指令下载地址 // // 开航指令下载地址
SailingFileEntity sailingFile = sailingFileService.getSailingFileByAirLine(flight.getAcLongNo(), // SailingFileEntity sailingFile = sailingFileService.getSailingFileByAirLine(flight.getAcLongNo(),
flight.getDepStn(), flight.getArrStn()); // flight.getDepStn(), flight.getArrStn());
if(sailingFile != null && StringUtils.isNotBlank(sailingFile.getFilePath())){ // if(sailingFile != null && StringUtils.isNotBlank(sailingFile.getFilePath())){
//
flight.setSailingFile(Util.getAbsoluteUrl(sailingFile.getFilePath())); // flight.setSailingFile(Util.getAbsoluteUrl(sailingFile.getFilePath()));
} // }
// flight.setSailingFile("http://www.gdcrj.com/wsfwdt/bgxz/gdly0902.doc"); //// flight.setSailingFile("http://www.gdcrj.com/wsfwdt/bgxz/gdly0902.doc");
//
// 获取到的机场的所有场站的席位列表 // // 获取到的机场的所有场站的席位列表
// flight.setDepSeatList(seatService.findSeatListByIata(flight.getDepStn()));// 起飞机场席位列表 //// flight.setDepSeatList(seatService.findSeatListByIata(flight.getDepStn()));// 起飞机场席位列表
// flight.setArrSeatList(seatService.findSeatListByIata(flight.getArrStn()));// 到达机场席位列表 //// flight.setArrSeatList(seatService.findSeatListByIata(flight.getArrStn()));// 到达机场席位列表
//
List<SeatListEntity> depSeatList = seatService.findSeatListByIata(flight.getDepStn());// 起飞机场席位列表 // List<SeatListEntity> depSeatList = seatService.findSeatListByIata(flight.getDepStn());// 起飞机场席位列表
List<SeatListEntity> arrSeatList = seatService.findSeatListByIata(flight.getArrStn());// 到达机场席位列表 // List<SeatListEntity> arrSeatList = seatService.findSeatListByIata(flight.getArrStn());// 到达机场席位列表
//
flight.setDepSeatList(depSeatList);// 起飞机场席位列表 // flight.setDepSeatList(depSeatList);// 起飞机场席位列表
flight.setArrSeatList(arrSeatList);// 到达机场席位列表 // flight.setArrSeatList(arrSeatList);// 到达机场席位列表
if(depSeatList != null && depSeatList.size()>0){// 获取起飞组合头像 // if(depSeatList != null && depSeatList.size()>0){// 获取起飞组合头像
List<String> avatarList = new ArrayList<String>(); // List<String> avatarList = new ArrayList<String>();
for(SeatListEntity seat:depSeatList){ // for(SeatListEntity seat:depSeatList){
if(StringUtils.isNotBlank(seat.getPhoto())){ // if(StringUtils.isNotBlank(seat.getPhoto())){
//
avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto()); // avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
} // }
} // }
String depSeatAvatar = ImageUtil.combine(avatarList); // String depSeatAvatar = ImageUtil.combine(avatarList);
if(StringUtils.isNotBlank(depSeatAvatar)){ // if(StringUtils.isNotBlank(depSeatAvatar)){
//
flight.setDepSeatAvatar(Util.getAbsoluteUrl(depSeatAvatar)); // flight.setDepSeatAvatar(Util.getAbsoluteUrl(depSeatAvatar));
} // }
} // }
//
if(arrSeatList != null && arrSeatList.size()>0){// 获取到达组合头像 // if(arrSeatList != null && arrSeatList.size()>0){// 获取到达组合头像
List<String> avatarList = new ArrayList<String>(); // List<String> avatarList = new ArrayList<String>();
for(SeatListEntity seat:arrSeatList){ // for(SeatListEntity seat:arrSeatList){
if(StringUtils.isNotBlank(seat.getPhoto())){ // if(StringUtils.isNotBlank(seat.getPhoto())){
//
avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto()); // avatarList.add(GConstants.FILE_UPLOAD_DIR+seat.getPhoto());
} // }
} // }
String arrSeatAvatar = ImageUtil.combine(avatarList); // String arrSeatAvatar = ImageUtil.combine(avatarList);
if(StringUtils.isNotBlank(arrSeatAvatar)){ // if(StringUtils.isNotBlank(arrSeatAvatar)){
//
flight.setArrSeatAvatar(Util.getAbsoluteUrl(arrSeatAvatar)); // flight.setArrSeatAvatar(Util.getAbsoluteUrl(arrSeatAvatar));
} // }
} // }
} // }
//
responseBean.setData(list); // responseBean.setData(list);
responseBean.setMessage(GConstants.OK); // responseBean.setMessage(GConstants.OK);
responseBean.setStatus(ErrorCode.STATUS_CODE_2000); // responseBean.setStatus(ErrorCode.STATUS_CODE_2000);
return responseBean; // return responseBean;
} // }
responseBean.setMessage(message); responseBean.setMessage(message);
responseBean.setStatus(ErrorCode.STATUS_CODE_4001); responseBean.setStatus(ErrorCode.STATUS_CODE_4001);
return responseBean; return responseBean;
......
...@@ -715,47 +715,47 @@ public class AirlineVerifyController { ...@@ -715,47 +715,47 @@ public class AirlineVerifyController {
} }
sb.append("</tbody></table>"); // sb.append("</tbody></table>");
//
UploadFileBean uploadFileBean = Html2File.convertHtml2Word(sb.toString()); // UploadFileBean uploadFileBean = Html2File.convertHtml2Word(sb.toString());
if (StrUtil.contains(uploadFileBean.getPath(), "../")||StrUtil.contains(uploadFileBean.getPath(), "..\\")) { // if (StrUtil.contains(uploadFileBean.getPath(), "../")||StrUtil.contains(uploadFileBean.getPath(), "..\\")) {
throw new RuntimeException("文件名包含非法字符"); // throw new RuntimeException("文件名包含非法字符");
} // }
InputStream in = null; // InputStream in = null;
OutputStream out = null; // OutputStream out = null;
try { // try {
//
//设置文件MIME类型 // //设置文件MIME类型
response.setContentType("application/form-data;charset=utf-8"); // response.setContentType("application/form-data;charset=utf-8");
String filename = name + ".doc"; // String filename = name + ".doc";
String downloadFileName = new String(filename.getBytes("gbk"), "ISO8859-1"); // String downloadFileName = new String(filename.getBytes("gbk"), "ISO8859-1");
String agent = (String) request.getHeader("USER-AGENT"); // String agent = (String) request.getHeader("USER-AGENT");
if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) { // if (agent != null && agent.toLowerCase().indexOf("firefox") > 0) {
downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(filename.getBytes("UTF-8")))) + "?="; // downloadFileName = "=?UTF-8?B?" + (new String(Base64.encodeBase64(filename.getBytes("UTF-8")))) + "?=";
} // }
//设置Content-Disposition // //设置Content-Disposition
response.setHeader("Content-Disposition", "attachment; filename=" + downloadFileName); // response.setHeader("Content-Disposition", "attachment; filename=" + downloadFileName);
//获取目标文件的绝对路径 // //获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR + uploadFileBean.getPath(); // String fullFileName = GConstants.FILE_UPLOAD_DIR + uploadFileBean.getPath();
if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")){ // if(StrUtil.contains(fullFileName,"../")||StrUtil.contains(fullFileName,"..\\")){
throw new RuntimeException("文件名包含非法字符"); // throw new RuntimeException("文件名包含非法字符");
//
} // }
//读取文件 // //读取文件
in = new FileInputStream(fullFileName); // in = new FileInputStream(fullFileName);
out = response.getOutputStream(); // out = response.getOutputStream();
//
//写文件 // //写文件
int b; // int b;
while ((b = in.read()) != -1) { // while ((b = in.read()) != -1) {
out.write(b); // out.write(b);
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
} finally { // } finally {
IOUtils.closeQuietly(in); // IOUtils.closeQuietly(in);
IOUtils.closeQuietly(out); // IOUtils.closeQuietly(out);
} // }
} }
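Review bot: Commenting out the whole Word-export block, from `sb.append("</tbody></table>")` through the `finally`, removes the download instead of fixing its path handling, and leaves roughly forty lines of dead code in `AirlineVerifyController`. If the export is still needed, restore the block and replace the `StrUtil.contains(..., "../")` substring test with a containment check on the resolved path: `Path base = Paths.get(GConstants.FILE_UPLOAD_DIR).toAbsolutePath().normalize();`, `Path target = base.resolve(uploadFileBean.getPath()).normalize();`, `if (!target.startsWith(base)) throw new RuntimeException("文件名包含非法字符");`. If the export is being retired, delete the lines, along with the `sb` construction that appears to be unused now, and log the exception in the `catch` rather than leaving `// TODO: handle exception`. The method starts above this hunk, so whether anything still writes to `response` cannot be confirmed from here. The earlier hunk ending at `return responseBean;` follows the same comment-out pattern and appears to leave only the `STATUS_CODE_4001` path reachable.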
......