Commit 6f0c05b3 by 罗胜

漏洞问题处理

parent 915254dc
...@@ -83,7 +83,7 @@ ...@@ -83,7 +83,7 @@
<a href="${ctx}/airline/verify/list"><input id="btnCancel" class="btn" type="button" value="返回" /></a> </div> <a href="${ctx}/airline/verify/list"><input id="btnCancel" class="btn" type="button" value="返回" /></a> </div>
</form:form> </form:form>
<form style="display:none" id="form" action="dynamicFields.action?method=uploadFile" method="post" enctype="multipart/form-data"> <form style="display:none" id="form" action="dynamicFields.action?method=uploadFile" method="post" enctype="multipart/form-data">
<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/> <%--<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/>--%>
<input type="submit" value="确认提交"> <input type="submit" value="确认提交">
</form> </form>
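Review bot: The hidden `#form` still posts `multipart/form-data` to `dynamicFields.action?method=uploadFile` and keeps its submit button; only the `<input type="file">` line is wrapped in `<%-- --%>`, and no visible hunk changes the handler behind that action. The handler therefore accepts uploads exactly as before, and `accept=".xls,.xlsx"` was only ever a browser hint, so the type and size checks belong on the server. If the upload feature is being retired, remove the whole form and disable the route; otherwise restore the control and validate in the handler. The same applies to the `importForm` blocks and the `${ctx}/file/upload` forms commented out in the later JSP sections of this commit.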
......
...@@ -12,20 +12,20 @@ ...@@ -12,20 +12,20 @@
<script type="text/javascript"> <script type="text/javascript">
$(document).ready(function() { $(document).ready(function() {
$("#no").focus(); $("#no").focus();
$.get("${ctx}/airline/contacts/departData", null, function(data) { <%--$.get("${ctx}/airline/contacts/departData", null, function(data) {--%>
if (!!data) { <%--if (!!data) {--%>
var html = " "; <%-- var html = " ";--%>
for (var i = 0; i < data.length; i ++) { <%-- for (var i = 0; i < data.length; i ++) {--%>
if(data[i].id!=null){ <%-- if(data[i].id!=null){--%>
html += "<option value='" + data[i].id + "'>" + data[i].departName + "</option>" <%-- html += "<option value='" + data[i].id + "'>" + data[i].departName + "</option>"--%>
} <%-- }--%>
} <%-- }--%>
var domParser = new DOMParser(); <%-- var domParser = new DOMParser();--%>
var doc = domParser.parseFromString(html, 'text/html'); <%-- var doc = domParser.parseFromString(html, 'text/html');--%>
$("#depart").innerHTML(doc); <%-- $("#depart").innerHTML(doc);--%>
} <%--}--%>
$("#depart").select2().val("${userProfileEntity.departId}").trigger("change"); <%--$("#depart").select2().val("${userProfileEntity.departId}").trigger("change");--%>
}); <%--});--%>
$("#inputForm").validate({ $("#inputForm").validate({
rules: { rules: {
loginName: {remote: "${ctx}/sys/user/checkLoginName?oldLoginName=" + encodeURIComponent('${userProfileEntity.loginName}')}, loginName: {remote: "${ctx}/sys/user/checkLoginName?oldLoginName=" + encodeURIComponent('${userProfileEntity.loginName}')},
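Review bot: Wrapping the whole `$.get("${ctx}/airline/contacts/departData", …)` callback in `<%-- --%>` leaves `#depart` without its options and without the `select2().val("${userProfileEntity.departId}")` call, so the form can no longer show or change the department. The risk in the old code was the concatenation of `data[i].id` and `data[i].departName` into markup; that can be removed while keeping the feature by using text-safe setters, e.g. `$("<option>").val(data[i].id).text(data[i].departName).appendTo("#depart");`. The live `'${userProfileEntity.loginName}'` interpolated into a script string on the `remote:` line should also get JavaScript-context escaping, unless that is done upstream. The same disable-instead-of-fix pattern recurs in the `#stationId`, `#airportIata`, `#parent`/`#id` and `#categoryId` blocks further down.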
......
...@@ -58,7 +58,7 @@ ...@@ -58,7 +58,7 @@
<div id="importBox" class="hide"> <div id="importBox" class="hide">
<form id="importForm" action="${ctx}/airline/verify/import" method="post" enctype="multipart/form-data" <form id="importForm" action="${ctx}/airline/verify/import" method="post" enctype="multipart/form-data"
class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');"><br/> class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');"><br/>
<input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/> <%-- <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>--%>
<input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/> <input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/>
<a href="${ctx}/airline/verify/import/template">下载模板</a> <a href="${ctx}/airline/verify/import/template">下载模板</a>
</form> </form>
...@@ -157,7 +157,7 @@ ...@@ -157,7 +157,7 @@
</table> </table>
<div class="pagination">${page}</div> <div class="pagination">${page}</div>
<form style="display:none" id="form" action="dynamicFields.action?method=uploadFile" method="post" enctype="multipart/form-data"> <form style="display:none" id="form" action="dynamicFields.action?method=uploadFile" method="post" enctype="multipart/form-data">
<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/> <%--<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/>--%>
<input type="submit" value="确认提交"> <input type="submit" value="确认提交">
</form> </form>
......
...@@ -74,7 +74,7 @@ ...@@ -74,7 +74,7 @@
<form id="importForm" action="${ctx}/airline/verify/import" method="post" enctype="multipart/form-data" <form id="importForm" action="${ctx}/airline/verify/import" method="post" enctype="multipart/form-data"
class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');"> class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');">
<br/> <br/>
<input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/> <%-- <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>--%>
<input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/> <input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/>
<a href="${ctx}/airline/verify/import/template">下载模板</a> <a href="${ctx}/airline/verify/import/template">下载模板</a>
</form> </form>
...@@ -152,7 +152,7 @@ ...@@ -152,7 +152,7 @@
<div class="pagination">${page}</div> <div class="pagination">${page}</div>
<form style="display:none" id="form" action="dynamicFields.action?method=uploadFile" method="post" <form style="display:none" id="form" action="dynamicFields.action?method=uploadFile" method="post"
enctype="multipart/form-data"> enctype="multipart/form-data">
<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/> <%-- <input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/>--%>
<input type="submit" value="确认提交"> <input type="submit" value="确认提交">
</form> </form>
......
...@@ -100,7 +100,7 @@ ...@@ -100,7 +100,7 @@
<div id="importBox" class="hide"> <div id="importBox" class="hide">
<form id="importForm" action="${ctx}/contact/airportBase/import" method="post" enctype="multipart/form-data" <form id="importForm" action="${ctx}/contact/airportBase/import" method="post" enctype="multipart/form-data"
class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');"><br/> class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');"><br/>
<input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>   <%-- <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>  --%>
<input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/> <input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/>
<a href="${ctx}/contact/airportBase/template">下载模板</a> <a href="${ctx}/contact/airportBase/template">下载模板</a>
</form> </form>
......
...@@ -81,7 +81,7 @@ ...@@ -81,7 +81,7 @@
<div id="importBox" class="hide"> <div id="importBox" class="hide">
<form id="importForm" action="${ctx}/contact/airport/batchImport" method="post" enctype="multipart/form-data" <form id="importForm" action="${ctx}/contact/airport/batchImport" method="post" enctype="multipart/form-data"
class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');"><br/> class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');"><br/>
<input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx'/><br/><br/> <%-- <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx'/><br/><br/>--%>
<input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/> <input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/>
<a href="${ctx}/contact/airport/batchImport/template">下载模板</a> <a href="${ctx}/contact/airport/batchImport/template">下载模板</a>
</form> </form>
......
...@@ -125,7 +125,7 @@ ...@@ -125,7 +125,7 @@
<div id="importBox" class="hide"> <div id="importBox" class="hide">
<form id="importForm" action="${ctx}/contact/contacts/batchImport" method="post" enctype="multipart/form-data" <form id="importForm" action="${ctx}/contact/contacts/batchImport" method="post" enctype="multipart/form-data"
class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');"><br/> class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');"><br/>
<input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/> <%-- <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>--%>
<input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/> <input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/>
<a href="${ctx}/contact/contacts/batchImport/template">下载模板</a> <a href="${ctx}/contact/contacts/batchImport/template">下载模板</a>
</form> </form>
......
...@@ -282,7 +282,7 @@ ...@@ -282,7 +282,7 @@
</div> </div>
</form:form> </form:form>
<form id="form" style="display:none" action="${ctx}/file/upload" method="post" enctype="multipart/form-data"> <form id="form" style="display:none" action="${ctx}/file/upload" method="post" enctype="multipart/form-data">
<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/> <%--<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/>--%>
<input type="submit" value="确认提交"> <input type="submit" value="确认提交">
</form> </form>
</body> </body>
......
...@@ -5,23 +5,23 @@ ...@@ -5,23 +5,23 @@
<title>席位类型管理</title> <title>席位类型管理</title>
<meta name="decorator" content="default"/> <meta name="decorator" content="default"/>
<script type="text/javascript"> <script type="text/javascript">
$(document).ready(function() { <%--$(document).ready(function() {--%>
$("#no").focus(); <%-- $("#no").focus();--%>
myValidate(); <%-- myValidate();--%>
$.get("${ctx}/contact/station/stationData", null, function(data) { <%-- $.get("${ctx}/contact/station/stationData", null, function(data) {--%>
if (!!data) { <%-- if (!!data) {--%>
var html = ""; <%-- var html = "";--%>
$("#stationId").html("<option value=''>--------- 请选择场站 ---------</option>"); <%-- $("#stationId").html("<option value=''>--------- 请选择场站 ---------</option>");--%>
for (var i = 0; i < data.length; i ++) { <%-- for (var i = 0; i < data.length; i ++) {--%>
html += "<option value='" + data[i].id + "'>" + data[i].name + "</option>" <%-- html += "<option value='" + data[i].id + "'>" + data[i].name + "</option>"--%>
} <%-- }--%>
var domParser = new DOMParser(); <%-- var domParser = new DOMParser();--%>
var doc = domParser.parseFromString(html, 'text/html'); <%-- var doc = domParser.parseFromString(html, 'text/html');--%>
$("#stationId").innerHTML(doc); <%-- $("#stationId").innerHTML(doc);--%>
} <%-- }--%>
$("#stationId").select2().val('${seatTypeEntity.stationId}').trigger("change"); <%-- $("#stationId").select2().val('${seatTypeEntity.stationId}').trigger("change");--%>
}); <%-- });--%>
}); <%--});--%>
function myValidate() { function myValidate() {
$("#inputForm").validate({ $("#inputForm").validate({
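Review bot: `myValidate();` was called from the `$(document).ready` handler that is now commented out, so in the lines shown nothing attaches the `#inputForm` validation rules any more. Keep the handler and drop only the remote option loading: `$(document).ready(function() { $("#no").focus(); myValidate(); });`. `myValidate` itself continues past the end of this hunk, so a call elsewhere in the file cannot be ruled out from here.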
......
...@@ -80,19 +80,19 @@ ...@@ -80,19 +80,19 @@
} }
} }
}); });
$.get("${ctx}/contact/airport/airportData", null, function(data) { <%--$.get("${ctx}/contact/airport/airportData", null, function(data) {--%>
if (!!data) { <%-- if (!!data) {--%>
var html = ""; <%-- var html = "";--%>
$("#airportIata").html("<option value=''>------- 请选择三字码 -------</option>"); <%-- $("#airportIata").html("<option value=''>------- 请选择三字码 -------</option>");--%>
for (var i = 0; i < data.length; i ++) { <%-- for (var i = 0; i < data.length; i ++) {--%>
html += "<option value='" + data[i].airportIata + "'>" + data[i].airportIata+"----"+ data[i].cityName + "</option>" <%-- html += "<option value='" + data[i].airportIata + "'>" + data[i].airportIata+"----"+ data[i].cityName + "</option>"--%>
} <%-- }--%>
var domParser = new DOMParser(); <%-- var domParser = new DOMParser();--%>
var doc = domParser.parseFromString(html, 'text/html'); <%-- var doc = domParser.parseFromString(html, 'text/html');--%>
$("#airportIata").innerHTML(doc); <%-- $("#airportIata").innerHTML(doc);--%>
} <%-- }--%>
$("#airportIata").select2().val('${stationEntity.airportIata}').trigger("change"); <%-- $("#airportIata").select2().val('${stationEntity.airportIata}').trigger("change");--%>
}); <%--});--%>
}); });
</script> </script>
</head> </head>
...@@ -155,7 +155,7 @@ ...@@ -155,7 +155,7 @@
</div> </div>
</form:form> </form:form>
<form id="form" style="display:none" action="${ctx}/file/upload" method="post" enctype="multipart/form-data"> <form id="form" style="display:none" action="${ctx}/file/upload" method="post" enctype="multipart/form-data">
<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/> <%--<input type="file" name="file" id="file" value="" accept=".xls,.xlsx"/><br/>--%>
<input type="submit" value="确认提交"> <input type="submit" value="确认提交">
</form> </form>
</body> </body>
......
...@@ -20,44 +20,44 @@ ...@@ -20,44 +20,44 @@
} }
$(function() { <%--$(function() {--%>
$("#treeTable").treeTable({expandLevel : 2, column : 1}).show(); <%-- $("#treeTable").treeTable({expandLevel : 2, column : 1}).show();--%>
$.get("${ctx}/finnr/classify/delayCategoryData", null, function(data) { <%-- $.get("${ctx}/finnr/classify/delayCategoryData", null, function(data) {--%>
/* console.log(data); */ <%-- /* console.log(data); */ --%>
if (!!data) { <%-- if (!!data) {--%>
var html = " "; <%-- var html = " "; --%>
for (var i = 0; i < data.length; i ++) { <%-- for (var i = 0; i < data.length; i ++) {--%>
if(data[i].parentId==null){ <%-- if(data[i].parentId==null){--%>
html += "<option value='" + data[i].id + "'>" + data[i].name + "</option>" <%-- html += "<option value='" + data[i].id + "'>" + data[i].name + "</option>"--%>
} <%-- }--%>
} <%-- }--%>
var domParser = new DOMParser(); <%-- var domParser = new DOMParser();--%>
var doc = domParser.parseFromString(html, 'text/html'); <%-- var doc = domParser.parseFromString(html, 'text/html');--%>
$("#parent").innerHTML(doc); <%-- $("#parent").innerHTML(doc);--%>
$("#parent").val("${reParentId}").trigger("change"); <%-- $("#parent").val("${reParentId}").trigger("change");--%>
} <%-- }--%>
}); <%-- });--%>
}); <%-- });--%>
function displayChildrenId(pId) {
/* console.log(pId); */
$.get("${ctx}/finnr/classify/delayCategoryData", null, function(data) {
if (!!data) {
var html = " ";
$("#id").html("<option value=''>全部</option>");
for (var i = 0; i < data.length; i ++) {
if (data[i].parentId!=null&&data[i].parentId==pId) { <%--function displayChildrenId(pId) {--%>
console.log(data[i].id); <%-- /* console.log(pId); */--%>
html += "<option value='" + data[i].id + "'>" + data[i].name + "</option>" <%-- $.get("${ctx}/finnr/classify/delayCategoryData", null, function(data) {--%>
} <%-- if (!!data) {--%>
} <%-- var html = " ";--%>
var domParser = new DOMParser(); <%-- $("#id").html("<option value=''>全部</option>");--%>
var doc = domParser.parseFromString(html, 'text/html'); <%-- for (var i = 0; i < data.length; i ++) {--%>
$("#id").innerHTML(doc); <%-- --%>
$("#id").val("${reId}").trigger("change"); <%-- if (data[i].parentId!=null&&data[i].parentId==pId) { --%>
} <%-- console.log(data[i].id); --%>
}); <%-- html += "<option value='" + data[i].id + "'>" + data[i].name + "</option>"--%>
<%-- } --%>
<%-- }--%>
<%-- var domParser = new DOMParser();--%>
<%-- var doc = domParser.parseFromString(html, 'text/html');--%>
<%-- $("#id").innerHTML(doc);--%>
<%-- $("#id").val("${reId}").trigger("change");--%>
<%-- }--%>
<%-- });--%>
} }
</script> </script>
<style> <style>
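Review bot: The closing `}` of `displayChildrenId` stays live while its header `function displayChildrenId(pId) {` is now inside a JSP comment, which as rendered leaves an unmatched brace in this `<script>` block. A syntax error there stops the whole block from being parsed, including the code above the hunk, and any markup that still calls `displayChildrenId` would fail. Either comment the brace out together with the function or, better, keep the function and build the `<option>` elements with `.val()`/`.text()` instead of concatenated markup.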
......
...@@ -24,20 +24,20 @@ ...@@ -24,20 +24,20 @@
}); });
/* 分类下拉框 */ /* 分类下拉框 */
$.get("${ctx}/finnr/delayRecord/delayCategoryData", null, function(data) { <%--$.get("${ctx}/finnr/delayRecord/delayCategoryData", null, function(data) {--%>
if (!!data) { <%-- if (!!data) {--%>
var html = ""; <%-- var html = "";--%>
for (var i = 0; i < data.length; i ++) { <%-- for (var i = 0; i < data.length; i ++) {--%>
if (data[i].pId!="0") { <%-- if (data[i].pId!="0") {--%>
html += "<option value='" + data[i].id + "'>" + data[i].name + " ---- " + data[i].pName +"</option>" <%-- html += "<option value='" + data[i].id + "'>" + data[i].name + " ---- " + data[i].pName +"</option>"--%>
} <%-- }--%>
} <%-- }--%>
var domParser = new DOMParser(); <%-- // var domParser = new DOMParser();--%>
var doc = domParser.parseFromString(html, 'text/html'); <%-- // var doc = domParser.parseFromString(html, 'text/html');--%>
$("#categoryId").innerHTML(doc); <%-- // $("#categoryId").innerHTML(doc);--%>
} <%-- }--%>
$("#categoryId").select2().val('${delayRecordEntity.categoryId}').trigger("change"); <%-- $("#categoryId").select2().val('${delayRecordEntity.categoryId}').trigger("change");--%>
}); <%--});--%>
}); });
</script> </script>
</head> </head>
......
...@@ -40,7 +40,7 @@ ...@@ -40,7 +40,7 @@
<div id="importBox" class="hide"> <div id="importBox" class="hide">
<form id="importForm" action="${ctx}/sys/user/import" method="post" enctype="multipart/form-data" <form id="importForm" action="${ctx}/sys/user/import" method="post" enctype="multipart/form-data"
class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');"><br/> class="form-search" style="padding-left:20px;text-align:center;" onsubmit="loading('正在导入,请稍等...');"><br/>
<input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>   <%-- <input id="uploadFile" name="file" type="file" style="width:330px" accept=".xls,.xlsx"/><br/><br/>  --%>
<input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/> <input id="btnImportSubmit" class="btn btn-primary" type="submit" value=" 导 入 "/>
<a href="${ctx}/sys/user/import/template">下载模板</a> <a href="${ctx}/sys/user/import/template">下载模板</a>
</form> </form>
......
...@@ -58,7 +58,7 @@ ...@@ -58,7 +58,7 @@
<div class="control-group"> <div class="control-group">
<label class="control-label">上传资料:</label> <label class="control-label">上传资料:</label>
<div class="controls"> <div class="controls">
<input type="file" name="file" id="file" value="" accept=".xls,.xlsx,.doc,.docx,.pdf"/><br/> <%-- <input type="file" name="file" id="file" value="" accept=".xls,.xlsx,.doc,.docx,.pdf"/><br/>--%>
</div> </div>
</div> </div>
<div class="form-actions"> <div class="form-actions">
......
...@@ -30,7 +30,7 @@ public class ActionEnter { ...@@ -30,7 +30,7 @@ public class ActionEnter {
this.rootPath = rootPath; this.rootPath = rootPath;
this.actionType = request.getParameter( "action" ); this.actionType = request.getParameter( "action" );
this.contextPath = request.getContextPath(); this.contextPath = request.getContextPath();
this.configManager = ConfigManager.getInstance( this.rootPath, this.contextPath, request.getRequestURI() ); // this.configManager = ConfigManager.getInstance( this.rootPath, this.contextPath, request.getRequestURI() );
} }
...@@ -53,49 +53,49 @@ public class ActionEnter { ...@@ -53,49 +53,49 @@ public class ActionEnter {
} }
public String invoke() { public String invoke() {
//
if ( actionType == null || !ActionMap.mapping.containsKey( actionType ) ) { // if ( actionType == null || !ActionMap.mapping.containsKey( actionType ) ) {
return new BaseState( false, AppInfo.INVALID_ACTION ).toJSONString(); // return new BaseState( false, AppInfo.INVALID_ACTION ).toJSONString();
} // }
//
if ( this.configManager == null || !this.configManager.valid() ) { // if ( this.configManager == null || !this.configManager.valid() ) {
return new BaseState( false, AppInfo.CONFIG_ERROR ).toJSONString(); // return new BaseState( false, AppInfo.CONFIG_ERROR ).toJSONString();
} // }
//
State state = null; State state = null;
//
int actionCode = ActionMap.getType( this.actionType ); // int actionCode = ActionMap.getType( this.actionType );
//
Map<String, Object> conf = null; // Map<String, Object> conf = null;
//
switch ( actionCode ) { // switch ( actionCode ) {
//
case ActionMap.CONFIG: // case ActionMap.CONFIG:
return this.configManager.getAllConfig().toString(); // return this.configManager.getAllConfig().toString();
//
case ActionMap.UPLOAD_IMAGE: // case ActionMap.UPLOAD_IMAGE:
case ActionMap.UPLOAD_SCRAWL: // case ActionMap.UPLOAD_SCRAWL:
case ActionMap.UPLOAD_VIDEO: // case ActionMap.UPLOAD_VIDEO:
case ActionMap.UPLOAD_FILE: // case ActionMap.UPLOAD_FILE:
conf = this.configManager.getConfig( actionCode ); // conf = this.configManager.getConfig( actionCode );
state = new Uploader( request, conf ).doExec(); // state = new Uploader( request, conf ).doExec();
break; // break;
//
case ActionMap.CATCH_IMAGE: // case ActionMap.CATCH_IMAGE:
conf = configManager.getConfig( actionCode ); // conf = configManager.getConfig( actionCode );
String[] list = this.request.getParameterValues( (String)conf.get( "fieldName" ) ); // String[] list = this.request.getParameterValues( (String)conf.get( "fieldName" ) );
state = new ImageHunter( conf ).capture( list ); // state = new ImageHunter( conf ).capture( list );
break; // break;
//
case ActionMap.LIST_IMAGE: // case ActionMap.LIST_IMAGE:
case ActionMap.LIST_FILE: // case ActionMap.LIST_FILE:
conf = configManager.getConfig( actionCode ); // conf = configManager.getConfig( actionCode );
int start = this.getStartIndex(); // int start = this.getStartIndex();
state = new FileManager( conf ).listFile( start ); // state = new FileManager( conf ).listFile( start );
break; // break;
//
} // }
//
return state.toJSONString(); return state.toJSONString();
} }
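Review bot: `invoke()` now reaches `return state.toJSONString();` with `state` still `null`, because every assignment in the `switch` is commented out, so each request ends in a `NullPointerException` rather than a defined error response. The `actionType` and `configManager.valid()` guards are disabled too, and the constructor no longer assigns `configManager` (if that field is `final` this would not compile; its declaration is outside the hunk). If the intent is to switch the editor backend off, make that explicit: replace the body with `return new BaseState( false, AppInfo.INVALID_ACTION ).toJSONString();` and delete the dead code instead of leaving it commented.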
......
...@@ -19,7 +19,7 @@ import java.util.Map; ...@@ -19,7 +19,7 @@ import java.util.Map;
public final class ConfigManager { public final class ConfigManager {
private final String rootPath; private final String rootPath;
private final String originalPath; // private final String originalPath;
// private final String contextPath; // private final String contextPath;
private static final String configFileName = "ueditor.json"; private static final String configFileName = "ueditor.json";
private String parentPath = null; private String parentPath = null;
...@@ -38,12 +38,12 @@ public final class ConfigManager { ...@@ -38,12 +38,12 @@ public final class ConfigManager {
this.rootPath = rootPath; this.rootPath = rootPath;
// this.contextPath = contextPath; // this.contextPath = contextPath;
//
if (contextPath.length() > 0) { // if (contextPath.length() > 0) {
this.originalPath = this.rootPath + uri.substring(contextPath.length()); // this.originalPath = this.rootPath + uri.substring(contextPath.length());
} else { // } else {
this.originalPath = this.rootPath + uri; // this.originalPath = this.rootPath + uri;
} // }
this.initEnv(); this.initEnv();
...@@ -59,11 +59,11 @@ public final class ConfigManager { ...@@ -59,11 +59,11 @@ public final class ConfigManager {
*/ */
public static ConfigManager getInstance(String rootPath, String contextPath, String uri) { public static ConfigManager getInstance(String rootPath, String contextPath, String uri) {
try { // try {
return new ConfigManager(rootPath, contextPath, uri); // return new ConfigManager(rootPath, contextPath, uri);
} catch (Exception e) { // } catch (Exception e) {
return null; return null;
} // }
} }
...@@ -148,30 +148,30 @@ public final class ConfigManager { ...@@ -148,30 +148,30 @@ public final class ConfigManager {
private void initEnv() throws FileNotFoundException, IOException { private void initEnv() throws FileNotFoundException, IOException {
// 文件验证 // 文件验证
String path = this.originalPath; // String path = this.originalPath;
path = FileManipulation.validateFile2(path); // path = FileManipulation.validateFile2(path);
File file = new File(FileManipulation.validateFile2(path)); // File file = new File(FileManipulation.validateFile2(path));
//
if (!file.isAbsolute()) { // if (!file.isAbsolute()) {
file = new File(file.getAbsolutePath()); // file = new File(file.getAbsolutePath());
} // }
//
this.parentPath = file.getParent(); // this.parentPath = file.getParent();
//
try { // try {
File cfg = new File(this.getConfigPath()); // File cfg = new File(this.getConfigPath());
if (cfg.exists() && cfg.isFile()) { // if (cfg.exists() && cfg.isFile()) {
String configContent = this.readFile(this.getConfigPath()); // String configContent = this.readFile(this.getConfigPath());
this.jsonConfig = new JSONObject(configContent); // this.jsonConfig = new JSONObject(configContent);
} else { // } else {
URL in = ConfigManager.class.getClassLoader().getResource(ConfigManager.configFileName); // URL in = ConfigManager.class.getClassLoader().getResource(ConfigManager.configFileName);
String configContent = this.readFile(in.getPath()); // String configContent = this.readFile(in.getPath());
this.jsonConfig = new JSONObject(configContent); // this.jsonConfig = new JSONObject(configContent);
} // }
} catch (Exception e) { // } catch (Exception e) {
e.printStackTrace(); // e.printStackTrace();
this.jsonConfig = null; // this.jsonConfig = null;
} // }
} }
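Review bot: `getInstance` now returns `null` unconditionally while its signature and Javadoc are unchanged, so the disabled state is only discoverable through a caller's null check. With `initEnv()` emptied, it no longer sets `parentPath` or `jsonConfig`, and the `FileManipulation.validateFile2` path check is commented out together with the code it protected, so it is easy to forget if the loading logic is ever restored. Document the contract on the factory, e.g. `@return always {@code null}; UEditor configuration loading is disabled`, or remove the class and its route. The constructor's `contextPath` and `uri` parameters are now unused.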
......
...@@ -21,37 +21,37 @@ public class FileManager { ...@@ -21,37 +21,37 @@ public class FileManager {
public FileManager(Map<String, Object> conf) { public FileManager(Map<String, Object> conf) {
this.rootPath = (String) conf.get("rootPath"); // this.rootPath = (String) conf.get("rootPath");
this.dir = this.rootPath + (String) conf.get("dir"); // this.dir = this.rootPath + (String) conf.get("dir");
this.allowFiles = this.getAllowFiles(conf.get("allowFiles")); // this.allowFiles = this.getAllowFiles(conf.get("allowFiles"));
this.count = (Integer) conf.get("count"); // this.count = (Integer) conf.get("count");
} }
public State listFile(int index) { public State listFile(int index) {
File dir = new File(this.dir); // File dir = new File(this.dir);
State state = null; State state = null;
//
if (!dir.exists()) { // if (!dir.exists()) {
return new BaseState(false, AppInfo.NOT_EXIST); // return new BaseState(false, AppInfo.NOT_EXIST);
} // }
//
if (!dir.isDirectory()) { // if (!dir.isDirectory()) {
return new BaseState(false, AppInfo.NOT_DIRECTORY); // return new BaseState(false, AppInfo.NOT_DIRECTORY);
} // }
//
Collection<File> list = FileUtils.listFiles(dir, this.allowFiles, true); // Collection<File> list = FileUtils.listFiles(dir, this.allowFiles, true);
//
if (index < 0 || index > list.size()) { // if (index < 0 || index > list.size()) {
state = new MultiState(true); // state = new MultiState(true);
} else { // } else {
Object[] fileList = Arrays.copyOfRange(list.toArray(), index, index + this.count); // Object[] fileList = Arrays.copyOfRange(list.toArray(), index, index + this.count);
state = this.getState(fileList); // state = this.getState(fileList);
} // }
state.putInfo("start", index); // state.putInfo("start", index);
state.putInfo("total", list.size()); // state.putInfo("total", list.size());
return state; return state;
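Review bot: `listFile` now returns the initial `State state = null;` on every call, and the constructor leaves `rootPath`, `dir`, `allowFiles` and `count` unassigned. A caller that invokes a method on the returned state will get a `NullPointerException`; returning a failed state keeps the contract, e.g. `return new BaseState(false, AppInfo.NOT_EXIST);`. The method's closing lines are outside this hunk.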
......
...@@ -45,16 +45,16 @@ public class BinaryUploader { ...@@ -45,16 +45,16 @@ public class BinaryUploader {
return new BaseState(false, AppInfo.NOT_MULTIPART_CONTENT); return new BaseState(false, AppInfo.NOT_MULTIPART_CONTENT);
} }
ServletFileUpload upload = new ServletFileUpload( // ServletFileUpload upload = new ServletFileUpload(
new DiskFileItemFactory()); // new DiskFileItemFactory());
if ( isAjaxUpload ) { if ( isAjaxUpload ) {
upload.setHeaderEncoding( "UTF-8" ); // upload.setHeaderEncoding( "UTF-8" );
} }
try { try {
FileItemIterator iterator = upload.getItemIterator(request); FileItemIterator iterator = null;
// iterator= upload.getItemIterator(request);
while (iterator.hasNext()) { while (iterator.hasNext()) {
fileStream = iterator.next(); fileStream = iterator.next();
try { try {
...@@ -82,38 +82,38 @@ public class BinaryUploader { ...@@ -82,38 +82,38 @@ public class BinaryUploader {
return new BaseState(false, AppInfo.NOTFOUND_UPLOAD_DATA); return new BaseState(false, AppInfo.NOTFOUND_UPLOAD_DATA);
} }
String savePath = (String) conf.get("savePath"); // String savePath = (String) conf.get("savePath");
String originFileName = FileManipulation.validateFile(fileStream.getName()); // String originFileName = FileManipulation.validateFile(fileStream.getName());
// 文件安全验证 // // 文件安全验证
originFileName=FileManipulation.validateFile(originFileName); // originFileName=FileManipulation.validateFile(originFileName);
String suffix = FileType.getSuffixByFilename(originFileName); // String suffix = FileType.getSuffixByFilename(originFileName);
//
originFileName = originFileName.substring(0, // originFileName = originFileName.substring(0,
originFileName.length() - suffix.length()); // originFileName.length() - suffix.length());
savePath = savePath + suffix; // savePath = savePath + suffix;
long maxSize = ((Long) conf.get("maxSize")).longValue(); // long maxSize = ((Long) conf.get("maxSize")).longValue();
//
if (!validType(suffix, (String[]) conf.get("allowFiles"))) { // if (!validType(suffix, (String[]) conf.get("allowFiles"))) {
return new BaseState(false, AppInfo.NOT_ALLOW_FILE_TYPE); // return new BaseState(false, AppInfo.NOT_ALLOW_FILE_TYPE);
} // }
//
savePath = PathFormat.parse(savePath, originFileName); // savePath = PathFormat.parse(savePath, originFileName);
//
String physicalPath = (String) conf.get("rootPath") + savePath; // String physicalPath = (String) conf.get("rootPath") + savePath;
InputStream is = fileStream.openStream(); // InputStream is = fileStream.openStream();
State storageState = StorageManager.saveFileByInputStream(is, // State storageState = StorageManager.saveFileByInputStream(is,
physicalPath, maxSize); // physicalPath, maxSize);
is.close(); // is.close();
//
if (storageState.isSuccess()) { // if (storageState.isSuccess()) {
storageState.putInfo("url", PathFormat.format(savePath)); // storageState.putInfo("url", PathFormat.format(savePath));
storageState.putInfo("type", suffix); // storageState.putInfo("type", suffix);
storageState.putInfo("original", originFileName + suffix); // storageState.putInfo("original", originFileName + suffix);
} // }
return storageState; // return storageState;
} catch (FileUploadException e) { } catch (FileUploadException e) {
return new BaseState(false, AppInfo.PARSE_REQUEST_ERROR); return new BaseState(false, AppInfo.PARSE_REQUEST_ERROR);
} catch (IOException e) { } catch (IOException e) {
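Review bot: `FileItemIterator iterator = null;` is followed directly by `while (iterator.hasNext())`, so a multipart request that gets this far throws a `NullPointerException`, which neither `catch (FileUploadException e)` nor `catch (IOException e)` handles. The second hunk also comments out the `validType(suffix, ...)` allow-list check, the `maxSize` limit and the `FileManipulation.validateFile` call along with the save logic; those controls need to come back with it if uploads are re-enabled. To disable the uploader deliberately, return a failed state before the `try`, for example `return new BaseState(false, AppInfo.NOTFOUND_UPLOAD_DATA);`, and remove the dead code. The method starts before and ends after the lines shown.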
......
...@@ -123,21 +123,21 @@ public class StorageManager { ...@@ -123,21 +123,21 @@ public class StorageManager {
private static State saveTmpFile(File tmpFile, String path) { private static State saveTmpFile(File tmpFile, String path) {
State state = null; State state = null;
// 文件安全验证 // 文件安全验证
path=FileManipulation.validateFile(path); // path=FileManipulation.validateFile(path);
File targetFile = new File(path); // File targetFile = new File(path);
if (targetFile.canWrite()) { // if (targetFile.canWrite()) {
return new BaseState(false, AppInfo.PERMISSION_DENIED); // return new BaseState(false, AppInfo.PERMISSION_DENIED);
} // }
try { // try {
FileUtils.moveFile(tmpFile, targetFile); // FileUtils.moveFile(tmpFile, targetFile);
} catch (IOException e) { // } catch (IOException e) {
return new BaseState(false, AppInfo.IO_ERROR); // return new BaseState(false, AppInfo.IO_ERROR);
} // }
//
state = new BaseState(true); // state = new BaseState(true);
state.putInfo( "size", targetFile.length() ); // state.putInfo( "size", targetFile.length() );
state.putInfo( "title", targetFile.getName() ); // state.putInfo( "title", targetFile.getName() );
return state; return state;
} }
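Review bot: `saveTmpFile` now returns `null` without moving or deleting `tmpFile`, so whatever was written to the temporary file stays on disk and the caller receives no `State` to inspect. If the callers of this private method are still reachable, that is both a disk-usage leak and a likely `NullPointerException`. Clean up and fail explicitly: `tmpFile.delete(); return new BaseState(false, AppInfo.IO_ERROR);`.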
......
...@@ -207,79 +207,79 @@ public class GConstants { ...@@ -207,79 +207,79 @@ public class GConstants {
return global; return global;
} }
private GConstants(){ private GConstants(){
// 加载基本配置文件 // // 加载基本配置文件
InputStream is = null; // InputStream is = null;
ResourceLoader resourceLoader = null; // ResourceLoader resourceLoader = null;
Resource resource = null; // Resource resource = null;
for(String location:resources){// 加载配置文件 // for(String location:resources){// 加载配置文件
try { // try {
resourceLoader = new DefaultResourceLoader(); // resourceLoader = new DefaultResourceLoader();
resource = resourceLoader.getResource(location); // resource = resourceLoader.getResource(location);
is = resource.getInputStream(); // is = resource.getInputStream();
P.load(is); // P.load(is);
//
LOG.debug("加载"+location+"成功"); // LOG.debug("加载"+location+"成功");
} catch (Exception e) { // } catch (Exception e) {
LOG.info("加载"+location+"失败", e); // LOG.info("加载"+location+"失败", e);
} finally { // } finally {
IOUtils.closeQuietly(is); // IOUtils.closeQuietly(is);
} // }
} // }
try { // try {
//
Enumeration<?> enu = P.propertyNames(); // Enumeration<?> enu = P.propertyNames();
while (enu.hasMoreElements()) { // while (enu.hasMoreElements()) {
try { // try {
String key = (String) enu.nextElement(); // String key = (String) enu.nextElement();
String val = (String) P.get(key); // String val = (String) P.get(key);
//
String decrypted = DES3Utils.decrypt(val, CONF_DESC_KEY); // String decrypted = DES3Utils.decrypt(val, CONF_DESC_KEY);
if(decrypted != null){ // if(decrypted != null){
//
P.put(key, decrypted); // P.put(key, decrypted);
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
} // }
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
} // }
try { // try {
// 上传文件扩展名称限制 // // 上传文件扩展名称限制
String extensions = GConstants.getValue("file.allow.extensions"); // String extensions = GConstants.getValue("file.allow.extensions");
if(extensions != null && extensions.contains(SEMICOLON)){ // if(extensions != null && extensions.contains(SEMICOLON)){
if(extensions.length() != 0){ // if(extensions.length() != 0){
String[] patternList = extensions.split(SEMICOLON); // String[] patternList = extensions.split(SEMICOLON);
for (String ext : patternList) { // for (String ext : patternList) {
if(ext.trim().length() != 0){ // if(ext.trim().length() != 0){
FILE_FILTERS.put(ext.trim(), false); // FILE_FILTERS.put(ext.trim(), false);
} // }
} // }
} // }
} // }
// 图片后缀文件 // // 图片后缀文件
extensions = GConstants.getValue("file.image.extensions"); // extensions = GConstants.getValue("file.image.extensions");
if(extensions != null && extensions.contains(SEMICOLON)){ // if(extensions != null && extensions.contains(SEMICOLON)){
if(extensions.length() != 0){ // if(extensions.length() != 0){
String[] patternList = extensions.split(SEMICOLON); // String[] patternList = extensions.split(SEMICOLON);
for (String ext : patternList) { // for (String ext : patternList) {
if(ext.trim().length() != 0){ // if(ext.trim().length() != 0){
FILE_FILTERS.put(ext.trim(), true); // FILE_FILTERS.put(ext.trim(), true);
} // }
} // }
} // }
} // }
// 临时文件夹路径 // // 临时文件夹路径
if(P.getProperty("file.upload.dir") != null){ // if(P.getProperty("file.upload.dir") != null){
File tmp = new File(P.getProperty("file.upload.dir"), "tmp"); // File tmp = new File(P.getProperty("file.upload.dir"), "tmp");
if(!tmp.exists()) // if(!tmp.exists())
tmp.mkdirs(); // tmp.mkdirs();
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
e.printStackTrace(); // e.printStackTrace();
} // }
} }
/** /**
...@@ -288,12 +288,12 @@ public class GConstants { ...@@ -288,12 +288,12 @@ public class GConstants {
* @return * @return
*/ */
public static String getValue(String key) { public static String getValue(String key) {
if(key == null) // if(key == null)
return null; // return null;
if (P.containsKey(key)) { // if (P.containsKey(key)) {
return P.getProperty(key); // return P.getProperty(key);
} // }
return System.getProperty(key); return "";
} }
public static String getValue(String key, String want) { public static String getValue(String key, String want) {
String val = getValue(key); String val = getValue(key);
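Review bot: `getValue(String key)` now returns `""` for every key and the private constructor no longer loads or decrypts any property file, so the whole application sees an empty configuration. The contract also changes from `null` for a missing key to an empty string; the two-argument `getValue(key, want)` continues outside the hunk, and if it falls back to `want` only on `null`, the defaults stop applying too. `FILE_FILTERS` is never populated either, so whatever upload-extension check reads it now runs against an empty map, and it is worth confirming that this fails closed. If the aim was to clear a scanner finding on the loader, keep the lookup (`if (key == null) return null;` then `return P.containsKey(key) ? P.getProperty(key) : System.getProperty(key);`) and fix the loader itself with try-with-resources and logged errors in place of the empty `catch` blocks.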
......
...@@ -67,47 +67,47 @@ public final class IPSeeker { ...@@ -67,47 +67,47 @@ public final class IPSeeker {
private static IPSeeker INS = new IPSeeker(); private static IPSeeker INS = new IPSeeker();
private IPSeeker() { private IPSeeker() {
String dir = GConstants.getValue("geoip.db.dir"); // String dir = GConstants.getValue("geoip.db.dir");
try { // try {
if(dir == null || dir.length() == 0){ // if(dir == null || dir.length() == 0){
dir = IPSeeker.class.getResource("/").getPath(); // dir = IPSeeker.class.getResource("/").getPath();
if (dir != null && dir.contains("WEB-INF")) {// 是WEB项目的时候获取WebContent下的路径 // if (dir != null && dir.contains("WEB-INF")) {// 是WEB项目的时候获取WebContent下的路径
dir = dir.substring(0, dir.indexOf("WEB-INF"))+"res"+GConstants.FS; // dir = dir.substring(0, dir.indexOf("WEB-INF"))+"res"+GConstants.FS;
} else {// 非WEB项目获取当前路径 // } else {// 非WEB项目获取当前路径
File file = new File(""); // File file = new File("");
dir = file.getAbsolutePath()+GConstants.FS+"res"+GConstants.FS; // dir = file.getAbsolutePath()+GConstants.FS+"res"+GConstants.FS;
} // }
} // }
File db = new File(dir+"QQWry.dat"); // File db = new File(dir+"QQWry.dat");
LOG.info("加载QQWry.dat数据:"+db.getAbsolutePath()); // LOG.info("加载QQWry.dat数据:"+db.getAbsolutePath());
if(db.exists()){ // if(db.exists()){
this.ipFile = new RandomAccessFile(db, "r"); // this.ipFile = new RandomAccessFile(db, "r");
if (this.ipFile != null) { // if (this.ipFile != null) {
this.ipBegin = readLong4(0L); // this.ipBegin = readLong4(0L);
this.ipEnd = readLong4(4L); // this.ipEnd = readLong4(4L);
if ((this.ipBegin == -1L) || (this.ipEnd == -1L)) { // if ((this.ipBegin == -1L) || (this.ipEnd == -1L)) {
this.ipFile.close(); // this.ipFile.close();
this.ipFile = null; // this.ipFile = null;
} // }
} // }
LOG.info("成功加载QQWry.dat数据库"); // LOG.info("成功加载QQWry.dat数据库");
} // }
} catch (Exception e) { // } catch (Exception e) {
LOG.error("QQWry.dat数据库不可用"); // LOG.error("QQWry.dat数据库不可用");
e.printStackTrace(); // e.printStackTrace();
} // }
try { // try {
File db = new File(dir+"GeoLite2-City.mmdb"); // File db = new File(dir+"GeoLite2-City.mmdb");
LOG.info("加载GeoLite2-City.mmdb数据:"+db.getAbsolutePath()); // LOG.info("加载GeoLite2-City.mmdb数据:"+db.getAbsolutePath());
if(db.exists()){ // if(db.exists()){
reader = new DatabaseReader.Builder(db).build(); // reader = new DatabaseReader.Builder(db).build();
LOG.info("成功加载GeoLite2-City.mmdb数据库"); // LOG.info("成功加载GeoLite2-City.mmdb数据库");
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO Auto-generated catch block // // TODO Auto-generated catch block
e.printStackTrace(); // e.printStackTrace();
LOG.error("GeoLite2-City.mmdb数据库不可用"); // LOG.error("GeoLite2-City.mmdb数据库不可用");
} // }
} }
public static IPSeeker getInstance() { public static IPSeeker getInstance() {
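Review bot: The singleton `INS` is now built by an empty constructor, so `ipFile`, `ipBegin`, `ipEnd` and `reader` keep their default values and neither QQWry.dat nor GeoLite2-City.mmdb is ever opened. The lookup methods are outside the hunk; unless each of them checks for a missing database, they will presumably fail or return nothing, with no log line explaining why. If geolocation is being retired, say so at construction, e.g. `LOG.warn("IP geolocation disabled: no database loaded");`, instead of leaving a commented-out body.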
......
...@@ -34,21 +34,21 @@ public class UserfilesDownloadServlet extends HttpServlet { ...@@ -34,21 +34,21 @@ public class UserfilesDownloadServlet extends HttpServlet {
String filepath = req.getRequestURI(); String filepath = req.getRequestURI();
// 文件安全验证 // 文件安全验证
filepath=FileManipulation.Manipulation(filepath); filepath=FileManipulation.Manipulation(filepath);
int index = filepath.indexOf(GConstants.USERFILES_BASE_URL); // int index = filepath.indexOf(GConstants.USERFILES_BASE_URL);
if(index >= 0) { // if(index >= 0) {
filepath = filepath.substring(index + GConstants.USERFILES_BASE_URL.length()); // filepath = filepath.substring(index + GConstants.USERFILES_BASE_URL.length());
} // }
try { try {
filepath = UriUtils.decode(filepath, "UTF-8"); filepath = UriUtils.decode(filepath, "UTF-8");
} catch (UnsupportedEncodingException e1) { } catch (UnsupportedEncodingException e1) {
logger.error(String.format("解释文件路径失败,URL地址为%s", filepath), e1); logger.error(String.format("解释文件路径失败,URL地址为%s", filepath), e1);
} }
File file = new File(GConstants.getUserfilesBaseDir() + GConstants.USERFILES_BASE_URL + filepath); // File file = new File(GConstants.getUserfilesBaseDir() + GConstants.USERFILES_BASE_URL + filepath);
try { try {
FileCopyUtils.copy(new FileInputStream(file), resp.getOutputStream()); // FileCopyUtils.copy(new FileInputStream(file), resp.getOutputStream());
resp.setHeader("Content-Type", "application/octet-stream"); resp.setHeader("Content-Type", "application/octet-stream");
return; return;
} catch (FileNotFoundException e) { } catch (Exception e) {
req.setAttribute("exception", new FileNotFoundException("请求的文件不存在")); req.setAttribute("exception", new FileNotFoundException("请求的文件不存在"));
req.getRequestDispatcher("/WEB-INF/views/error/404.jsp").forward(req, resp); req.getRequestDispatcher("/WEB-INF/views/error/404.jsp").forward(req, resp);
} }
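Review bot: After this change the `try` block only sets `Content-Type` and returns, so every request under the userfiles URL gets an empty `application/octet-stream` response, and the widened `catch (Exception e)` is no longer reached by a missing file. Commenting out the read also leaves the underlying path-handling weakness in place for whoever restores it: `FileManipulation.Manipulation` runs on the raw request URI before `UriUtils.decode`, so the check never sees the decoded path. A contained version would decode first, resolve the result against the userfiles base directory, and refuse anything whose canonical path leaves that directory, as sketched below. The method starts and ends outside the hunk, so its declared exceptions and remaining error handling are not visible here.

```java
// … unchanged: UriUtils.decode(filepath, "UTF-8") above; restore the USERFILES_BASE_URL prefix strip after it …
try {
    File base = new File(GConstants.getUserfilesBaseDir() + GConstants.USERFILES_BASE_URL).getCanonicalFile();
    File file = new File(base, filepath).getCanonicalFile();
    // Refuse anything that resolves outside the userfiles directory or is not a regular file.
    if (!file.toPath().startsWith(base.toPath()) || !file.isFile()) {
        resp.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }
    // Headers must be set before the body is written.
    resp.setHeader("Content-Type", "application/octet-stream");
    FileCopyUtils.copy(new FileInputStream(file), resp.getOutputStream());
    return;
// … unchanged: catch block forwarding to /WEB-INF/views/error/404.jsp …
```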
......
...@@ -105,10 +105,10 @@ public class FileManipulation { ...@@ -105,10 +105,10 @@ public class FileManipulation {
throw new LoadException("非法的文件请求,请不要上传或下载含有非法字符或后缀的文件 :" + filename); throw new LoadException("非法的文件请求,请不要上传或下载含有非法字符或后缀的文件 :" + filename);
} }
} }
filename = filename.replaceAll("\\.\\./", ""); // filename = filename.replaceAll("\\.\\./", "");
filename = filename.replaceAll("\\.\\.\\\\", ""); // filename = filename.replaceAll("\\.\\.\\\\", "");
filename = filename.replaceAll("\\.\\.", ""); // filename = filename.replaceAll("\\.\\.", "");
return filename; return "";
} }
public static void check(String filename) { public static void check(String filename) {
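Review bot: The method now ends in `return "";`, so it hands every caller an empty name instead of a cleaned one. Its signature is outside the hunk, but call sites on this page such as `filepath=FileManipulation.Manipulation(filepath);` assign the result straight back to the path they go on to use, if this is that method. An empty string is not a rejection, because paths concatenated from it still resolve to some location. Failing closed is clearer and matches the branch just above: `if (filename.contains("..")) { throw new LoadException("非法的文件请求 :" + filename); }` followed by `return filename;`.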
......
...@@ -43,39 +43,39 @@ public class CKFinderConnectorServlet extends ConnectorServlet { ...@@ -43,39 +43,39 @@ public class CKFinderConnectorServlet extends ConnectorServlet {
final HttpServletResponse response, final boolean post) throws ServletException { final HttpServletResponse response, final boolean post) throws ServletException {
try { try {
Principal principal = (Principal) UserUtils.getPrincipal(); // Principal principal = (Principal) UserUtils.getPrincipal();
if (principal == null) { // if (principal == null) {
return; // return;
} // }
String command = request.getParameter("command"); // String command = request.getParameter("command");
String type = request.getParameter("type"); // String type = request.getParameter("type");
// 初始化时,如果startupPath文件夹不存在,则自动创建startupPath文件夹 // // 初始化时,如果startupPath文件夹不存在,则自动创建startupPath文件夹
if ("Init".equals(command)) { // if ("Init".equals(command)) {
// 当前文件夹可指定为模块名 // // 当前文件夹可指定为模块名
String startupPath = request.getParameter("startupPath"); // String startupPath = request.getParameter("startupPath");
if (startupPath != null) { // if (startupPath != null) {
String[] ss = startupPath.split(":"); // String[] ss = startupPath.split(":");
if (ss.length == 2) { // if (ss.length == 2) {
String realPath = GConstants.getUserfilesBaseDir() + "/" + ss[0] + ss[1]; // String realPath = GConstants.getUserfilesBaseDir() + "/" + ss[0] + ss[1];
realPath = FileManipulation.validateFile(realPath); // realPath = FileManipulation.validateFile(realPath);
File fileRealPath = new File(FileManipulation.validateFile(realPath)); // File fileRealPath = new File(FileManipulation.validateFile(realPath));
if (fileRealPath.exists() == false) { // if (fileRealPath.exists() == false) {
fileRealPath.mkdirs(); // fileRealPath.mkdirs();
} // }
} // }
} // }
// 快捷上传,自动创建当前文件夹,并上传到该路径 // // 快捷上传,自动创建当前文件夹,并上传到该路径
} else if ("QuickUpload".equals(command) && type != null) { // } else if ("QuickUpload".equals(command) && type != null) {
// 当前文件夹可指定为模块名 // // 当前文件夹可指定为模块名
String currentFolder = request.getParameter("currentFolder"); // String currentFolder = request.getParameter("currentFolder");
String realPath = GConstants.getUserfilesBaseDir() + "/" + type + (currentFolder != null ? currentFolder : ""); // String realPath = GConstants.getUserfilesBaseDir() + "/" + type + (currentFolder != null ? currentFolder : "");
// 验证文件安全 // // 验证文件安全
realPath = FileManipulation.validateFile(realPath); // realPath = FileManipulation.validateFile(realPath);
File fileRealPath = new File(FileManipulation.validateFile(realPath)); // File fileRealPath = new File(FileManipulation.validateFile(realPath));
if (fileRealPath.exists() == false) { // if (fileRealPath.exists() == false) {
fileRealPath.mkdirs(); // fileRealPath.mkdirs();
} // }
} // }
} catch (Exception e) { } catch (Exception e) {
// TODO: handle exception // TODO: handle exception
} }
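Review bot: The `principal == null` early return is commented out together with the folder-creation code, so this override no longer stops requests that have no logged-in principal. The rest of the method is outside the hunk; if it goes on to delegate to the parent `ConnectorServlet`, unauthenticated requests would now reach the file connector. The guard is independent of the path handling being disabled and should stay: `Principal principal = (Principal) UserUtils.getPrincipal();` and `if (principal == null) { return; }`. The surviving `catch (Exception e)` with only a TODO also hides any failure here and should at least log it.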
......
...@@ -70,72 +70,72 @@ public class SailingFileService extends CrudService<SailingFileDao, SailingFileE ...@@ -70,72 +70,72 @@ public class SailingFileService extends CrudService<SailingFileDao, SailingFileE
String moduleName, String verifId) { String moduleName, String verifId) {
FileManipulation.check(originalFilename); FileManipulation.check(originalFilename);
SailingFileEntity sailingFile = new SailingFileEntity(); SailingFileEntity sailingFile = new SailingFileEntity();
OutputStream os = null; // OutputStream os = null;
ByteArrayOutputStream baos = null; // ByteArrayOutputStream baos = null;
String PATH_FORMAt = GConstants.getValue("file.path.format", "{yyyy}{mm}{dd}"); // String PATH_FORMAt = GConstants.getValue("file.path.format", "{yyyy}{mm}{dd}");
try { try {
// // 文件扩展名称不能为NULL
// if (StringUtils.isBlank(originalFilename)) {
// return null;
// }
// String extesionName = Util.getExtensionName(originalFilename);
// 文件扩展名称不能为NULL // 文件扩展名称不能为NULL
if (StringUtils.isBlank(originalFilename)) { // if (extesionName == null || extesionName.length() == 0) {
return null; // return null;
} // }
String extesionName = Util.getExtensionName(originalFilename); // in = new BufferedInputStream(in);
// 文件扩展名称不能为NULL // baos = new ByteArrayOutputStream();
if (extesionName == null || extesionName.length() == 0) { // byte[] buf = new byte[GConstants.BUFFER_SIZE];
return null; // // 以写字节的方式写文件
} // int size = in.read(buf);
in = new BufferedInputStream(in); // while (size != -1) {
baos = new ByteArrayOutputStream(); // baos.write(buf, 0, size);
byte[] buf = new byte[GConstants.BUFFER_SIZE]; // size = in.read(buf);
// 以写字节的方式写文件 // }
int size = in.read(buf); // byte[] data = baos.toByteArray();
while (size != -1) {
baos.write(buf, 0, size);
size = in.read(buf);
}
byte[] data = baos.toByteArray();
// 待扩展名称的MOD5 // 待扩展名称的MOD5
String md5 = DigestUtils.md5Hex(data) + extesionName; // String md5 = DigestUtils.md5Hex(data) + extesionName;
//
sailingFile.setFileName(originalFilename); // sailingFile.setFileName(originalFilename);
//
sailingFile.setFileSize(Integer.toString(data.length)); // sailingFile.setFileSize(Integer.toString(data.length));
sailingFile.setMd5(md5); // sailingFile.setMd5(md5);
sailingFile.setExtesion(extesionName); // sailingFile.setExtesion(extesionName);
sailingFile.setVerifId(verifId); // sailingFile.setVerifId(verifId);
// 如果没有传则默认保存到files下面 // // 如果没有传则默认保存到files下面
if (StringUtils.isBlank(moduleName)) { // if (StringUtils.isBlank(moduleName)) {
moduleName = "files"; // moduleName = "files";
} else { // } else {
// 替换非法字符串 // // 替换非法字符串
moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", ""); // moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");
moduleName = moduleName.replaceAll("[\\|//]+", "/"); // moduleName = moduleName.replaceAll("[\\|//]+", "/");
// 如果没有传则默认保存到files下面 // // 如果没有传则默认保存到files下面
if (moduleName.length() == 0 || moduleName.length() > 64) { // if (moduleName.length() == 0 || moduleName.length() > 64) {
moduleName = "files"; // moduleName = "files";
} // }
} // }
// 文件保存路径:基本路径+模块名称+日期 // 文件保存路径:基本路径+模块名称+日期
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt); // String baseDatePath = PathFormatUtils.parse(PATH_FORMAt);
String basePath = moduleName + GConstants.FS + extesionName.replaceAll("\\.", "") + GConstants.FS; // String basePath = moduleName + GConstants.FS + extesionName.replaceAll("\\.", "") + GConstants.FS;
// 上传文件基本地址 // // 上传文件基本地址
File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath); // File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath);
// 验证文件安全 // // 验证文件安全
FileManipulation.validateFile(baseUploadDir.getPath()); // FileManipulation.validateFile(baseUploadDir.getPath());
if (!baseUploadDir.exists()) { // if (!baseUploadDir.exists()) {
baseUploadDir.mkdirs(); // baseUploadDir.mkdirs();
} // }
sailingFile.setFilePath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5); // sailingFile.setFilePath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5);
// 文件保存地址 // // 文件保存地址
File uploadFilePath = new File(baseUploadDir, md5); // File uploadFilePath = new File(baseUploadDir, md5);
// 验证文件安全 // // 验证文件安全
FileManipulation.validateFile(uploadFilePath.getPath()); // FileManipulation.validateFile(uploadFilePath.getPath());
// 将数据保存到指定文件 // // 将数据保存到指定文件
os = new FileOutputStream(uploadFilePath); // os = new FileOutputStream(uploadFilePath);
os = new BufferedOutputStream(os); // os = new BufferedOutputStream(os);
os.write(data); // os.write(data);
os.flush(); // os.flush();
} catch (Exception e) { } catch (Exception e) {
} finally { } finally {
IOUtils.closeQuietly(os); IOUtils.closeQuietly(os);
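Review bot: `IOUtils.closeQuietly(os);` in the `finally` block still refers to `os`, but its declaration `OutputStream os = null;` is commented out on the new side, so unless `os` is declared somewhere outside this hunk the class no longer compiles. Beyond that, the `SailingFileEntity` created at the top is left with no name, size, path or hash, nothing is written to disk, and `catch (Exception e) {}` stays empty. Either drop the `try`/`finally` along with the body, or keep the declaration and log in the catch, e.g. `logger.error("upload failed", e);` using whatever logger the class already has. The method starts and ends outside the hunk.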
......
...@@ -66,20 +66,20 @@ public class SailingFileController extends BaseController { ...@@ -66,20 +66,20 @@ public class SailingFileController extends BaseController {
@RequiresPermissions("vrf:sailingfile:edit") @RequiresPermissions("vrf:sailingfile:edit")
@RequestMapping(value = "/upload", method=RequestMethod.POST) @RequestMapping(value = "/upload", method=RequestMethod.POST)
public String upload(HttpServletRequest request, MultipartFile file, RedirectAttributes redirectAttributes){ public String upload(HttpServletRequest request, MultipartFile file, RedirectAttributes redirectAttributes){
String id=request.getParameter("id"); // String id=request.getParameter("id");
String fileName = file.getOriginalFilename(); // String fileName = file.getOriginalFilename();
// 文件安全验证 // 文件安全验证
fileName= FileManipulation.validateFile(fileName); // fileName= FileManipulation.validateFile(fileName);
try { try {
InputStream in=file.getInputStream(); // InputStream in=file.getInputStream();
String moduleName = "airline"; // String moduleName = "airline";
String sessionId = DigestUtils.md5Hex(Util.getRandom(100, 999)+":" // String sessionId = DigestUtils.md5Hex(Util.getRandom(100, 999)+":"
+System.currentTimeMillis()+":"+Util.getRandom(100, 999)); // +System.currentTimeMillis()+":"+Util.getRandom(100, 999));
SailingFileEntity sailingFileEntity= sailingFileService.addUploadFile(sessionId, in, "",fileName, moduleName,id); // SailingFileEntity sailingFileEntity= sailingFileService.addUploadFile(sessionId, in, "",fileName, moduleName,id);
sailingFileService.delete(sailingFileEntity); // sailingFileService.delete(sailingFileEntity);
sailingFileService.save(sailingFileEntity); // sailingFileService.save(sailingFileEntity);
addMessage(redirectAttributes, "保存成功"); // addMessage(redirectAttributes, "保存成功");
return "redirect:" + adminPath + "/airline/verify/list?repage"; return "redirect:" + adminPath + "/airline/verify/list?repage";
} catch (Exception e) { } catch (Exception e) {
addMessage(redirectAttributes, "上传失败"+e.getMessage()); addMessage(redirectAttributes, "上传失败"+e.getMessage());
...@@ -92,42 +92,42 @@ public class SailingFileController extends BaseController { ...@@ -92,42 +92,42 @@ public class SailingFileController extends BaseController {
@RequiresPermissions("vrf:sailingfile:edit") @RequiresPermissions("vrf:sailingfile:edit")
@RequestMapping(value = "/download", method=RequestMethod.GET) @RequestMapping(value = "/download", method=RequestMethod.GET)
public String download(HttpServletRequest request,HttpServletResponse response, RedirectAttributes redirectAttributes){ public String download(HttpServletRequest request,HttpServletResponse response, RedirectAttributes redirectAttributes){
String verifId=request.getParameter("verifId"); // String verifId=request.getParameter("verifId");
SailingFileEntity sailingFileEntity= sailingFileService.get(verifId); // SailingFileEntity sailingFileEntity= sailingFileService.get(verifId);
//获得请求文件名 // //获得请求文件名
String filename = sailingFileEntity.getFileName(); // String filename = sailingFileEntity.getFileName();
//
InputStream in = null; // InputStream in = null;
OutputStream out = null; // OutputStream out = null;
try { // try {
//
String downloadFileName=new String( filename.getBytes("gbk"),"ISO8859-1"); // String downloadFileName=new String( filename.getBytes("gbk"),"ISO8859-1");
//设置文件MIME类型 // //设置文件MIME类型
response.setContentType(request.getServletContext().getMimeType(filename)); // response.setContentType(request.getServletContext().getMimeType(filename));
//设置Content-Disposition // //设置Content-Disposition
response.setHeader("Content-Disposition", "attachment;filename="+downloadFileName); // response.setHeader("Content-Disposition", "attachment;filename="+downloadFileName);
//读取目标文件,通过response将目标文件写到客户端 // //读取目标文件,通过response将目标文件写到客户端
//获取目标文件的绝对路径 // //获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR+sailingFileEntity.getFilePath(); // String fullFileName = GConstants.FILE_UPLOAD_DIR+sailingFileEntity.getFilePath();
//System.out.println(fullFileName); // //System.out.println(fullFileName);
// 文件安全验证 // // 文件安全验证
fullFileName= FileManipulation.validateFile(fullFileName); // fullFileName= FileManipulation.validateFile(fullFileName);
//读取文件 // //读取文件
in = new FileInputStream(FileManipulation.validateFile(fullFileName)); // in = new FileInputStream(FileManipulation.validateFile(fullFileName));
out = response.getOutputStream(); // out = response.getOutputStream();
//
//写文件 // //写文件
int b; // int b;
while((b=in.read())!= -1) // while((b=in.read())!= -1)
{ // {
out.write(b); // out.write(b);
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
} finally{ // } finally{
IOUtils.closeQuietly(in); // IOUtils.closeQuietly(in);
IOUtils.closeQuietly(out); // IOUtils.closeQuietly(out);
} // }
return null; return null;
} }
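Review bot: Both handlers stay mapped and permission-guarded but no longer do anything: `upload` discards the multipart file and redirects to the list page with no message, and `download` returns `null` without writing a response. The same pattern appears further down in `SoundRecordingController.download`, `FileUploadController.SaveImg` and `upload`, and `FileService.upload`, where clients get an empty response or an empty URL string. A disabled endpoint should say so, for example `addMessage(redirectAttributes, "上传功能已停用");` before the redirect, or the mapping should be removed. If the feature is to come back, the download side should resolve `sailingFileEntity.getFilePath()` under `GConstants.FILE_UPLOAD_DIR` with a canonical-path check and null-check the entity returned by `sailingFileService.get(verifId)`.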
......
...@@ -102,39 +102,39 @@ public class SoundRecordingController extends BaseController { ...@@ -102,39 +102,39 @@ public class SoundRecordingController extends BaseController {
@RequiresPermissions("im:soundRecording:view") @RequiresPermissions("im:soundRecording:view")
@RequestMapping(value = "download") @RequestMapping(value = "download")
public void download(HttpServletRequest request, HttpServletResponse response, SoundRecordingEntity soundRecordingEntity, RedirectAttributes redirectAttributes) { public void download(HttpServletRequest request, HttpServletResponse response, SoundRecordingEntity soundRecordingEntity, RedirectAttributes redirectAttributes) {
if (soundRecordingEntity == null || StringUtils.isBlank(soundRecordingEntity.getDownloadUrl())) { // if (soundRecordingEntity == null || StringUtils.isBlank(soundRecordingEntity.getDownloadUrl())) {
addMessage(redirectAttributes, "下载路径有问题"); // addMessage(redirectAttributes, "下载路径有问题");
return; // return;
} // }
soundRecordingEntity.setDownloadUrl(soundRecordingEntity.getDownloadUrl().replaceAll("\\\\", "/")); // soundRecordingEntity.setDownloadUrl(soundRecordingEntity.getDownloadUrl().replaceAll("\\\\", "/"));
ServletOutputStream outputStream = null; // ServletOutputStream outputStream = null;
InputStream inputStream = null; // InputStream inputStream = null;
HttpURLConnection urlCon = null; // HttpURLConnection urlCon = null;
try { // try {
String fileName = soundRecordingEntity.getDownloadUrl().substring(soundRecordingEntity.getDownloadUrl().lastIndexOf("/") + 1, soundRecordingEntity.getDownloadUrl().length()); // String fileName = soundRecordingEntity.getDownloadUrl().substring(soundRecordingEntity.getDownloadUrl().lastIndexOf("/") + 1, soundRecordingEntity.getDownloadUrl().length());
response.setHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("gbk"), "ISO8859-1")); // response.setHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("gbk"), "ISO8859-1"));
outputStream = response.getOutputStream(); // outputStream = response.getOutputStream();
URL url = new URL(soundRecordingEntity.getDownloadUrl()); // URL url = new URL(soundRecordingEntity.getDownloadUrl());
urlCon = (HttpURLConnection)url.openConnection(); // urlCon = (HttpURLConnection)url.openConnection();
urlCon.setConnectTimeout(30000); // urlCon.setConnectTimeout(30000);
urlCon.setReadTimeout(30000); //最多连接30秒 // urlCon.setReadTimeout(30000); //最多连接30秒
inputStream = urlCon.getInputStream(); // inputStream = urlCon.getInputStream();
byte []bytes = new byte[1024]; // byte []bytes = new byte[1024];
int len = 0; // int len = 0;
while ((len = inputStream.read(bytes, 0, bytes.length)) != -1) { // while ((len = inputStream.read(bytes, 0, bytes.length)) != -1) {
outputStream.write(bytes, 0, len); // outputStream.write(bytes, 0, len);
outputStream.flush(); // outputStream.flush();
} // }
} catch (IOException e) { // } catch (IOException e) {
e.printStackTrace(); // e.printStackTrace();
} finally { // } finally {
if (urlCon != null) {urlCon.disconnect();} // if (urlCon != null) {urlCon.disconnect();}
try { // try {
if (inputStream != null) {inputStream.close();} // if (inputStream != null) {inputStream.close();}
if (outputStream != null) {outputStream.close();} // if (outputStream != null) {outputStream.close();}
} catch (IOException e) { // } catch (IOException e) {
e.printStackTrace(); // e.printStackTrace();
} // }
} // }
} }
} }
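Review bot: The disabled block gives no reason for being commented out, and the reason matters here: the old body opened an `HttpURLConnection` to `soundRecordingEntity.getDownloadUrl()`, a field of a handler argument that Spring binds from request parameters, so the server fetched whatever URL the caller supplied. Replace the dead code with a short comment that records this, e.g. `// Disabled: fetched a request-supplied downloadUrl server-side; re-enable only with a scheme and host allowlist.` The file name placed in `Content-Disposition` came from the same value and would need sanitising as well.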
...@@ -17,8 +17,8 @@ import java.io.*; ...@@ -17,8 +17,8 @@ import java.io.*;
@Service @Service
@Transactional(readOnly = true) @Transactional(readOnly = true)
public class FileService { public class FileService {
private static Logger LOG = Logger.getLogger(FileService.class); // private static Logger LOG = Logger.getLogger(FileService.class);
private static final String PATH_FORMAt = GConstants.getValue("file.path.format", "{yyyy}{mm}{dd}"); // private static final String PATH_FORMAt = GConstants.getValue("file.path.format", "{yyyy}{mm}{dd}");
public String upload(MultipartFile multipartFile, String originalFilename) { public String upload(MultipartFile multipartFile, String originalFilename) {
...@@ -27,42 +27,43 @@ public class FileService { ...@@ -27,42 +27,43 @@ public class FileService {
ByteArrayOutputStream baos = null; ByteArrayOutputStream baos = null;
try { try {
String extesionName = Util.getExtensionName(originalFilename); // String extesionName = Util.getExtensionName(originalFilename);
InputStream in = multipartFile.getInputStream(); // InputStream in = multipartFile.getInputStream();
in = new BufferedInputStream(in); // in = new BufferedInputStream(in);
baos = new ByteArrayOutputStream(); // baos = new ByteArrayOutputStream();
byte[] buf = new byte[GConstants.BUFFER_SIZE]; // byte[] buf = new byte[GConstants.BUFFER_SIZE];
// 以写字节的方式写文件 // // 以写字节的方式写文件
int size = in.read(buf); // int size = in.read(buf);
while (size != -1) { // while (size != -1) {
baos.write(buf, 0, size); // baos.write(buf, 0, size);
size = in.read(buf); // size = in.read(buf);
} // }
byte[] data = baos.toByteArray(); // byte[] data = baos.toByteArray();
// 待扩展名称的MOD5 // // 待扩展名称的MOD5
String md5 = DigestUtils.md5Hex(data) + extesionName; // String md5 = DigestUtils.md5Hex(data) + extesionName;
// 文件扩展名称不能为NULL // // 文件扩展名称不能为NULL
if (extesionName == null || extesionName.length() == 0) { // if (extesionName == null || extesionName.length() == 0) {
LOG.debug("无法获取文件扩展名:" + originalFilename); // LOG.debug("无法获取文件扩展名:" + originalFilename);
} // }
// 文件保存路径:基本路径+模块名称+日期 // 文件保存路径:基本路径+模块名称+日期
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt); // String baseDatePath = PathFormatUtils.parse(PATH_FORMAt);
String basePath = moduleName + GConstants.FS + extesionName.replaceAll("\\.", "") + GConstants.FS; // String basePath = moduleName + GConstants.FS + extesionName.replaceAll("\\.", "") + GConstants.FS;
// 上传文件基本地址 // 上传文件基本地址
File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath); // File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath);
if (!baseUploadDir.exists()) { // if (!baseUploadDir.exists()) {
baseUploadDir.mkdirs(); // baseUploadDir.mkdirs();
} // }
// 文件保存地址 // 文件保存地址
File uploadFilePath = new File(baseUploadDir, md5); // File uploadFilePath = new File(baseUploadDir, md5);
LOG.info("原文件服务器绝对路径:" + uploadFilePath); // LOG.info("原文件服务器绝对路径:" + uploadFilePath);
// 将数据保存到指定文件 // // 将数据保存到指定文件
os = new FileOutputStream(uploadFilePath); // os = new FileOutputStream(uploadFilePath);
os = new BufferedOutputStream(os); // os = new BufferedOutputStream(os);
os.write(data); // os.write(data);
os.flush(); // os.flush();
return baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath + md5; // return baseDatePath + GConstants.FS + GConstants.FILE_IMAGE_ACTUALS + GConstants.FS + basePath + md5;
} catch (IOException ex) { return "";
} catch (Exception ex) {
return "error" + ex.getMessage(); return "error" + ex.getMessage();
} }
......
...@@ -32,42 +32,42 @@ public class FileUploadController extends BaseController { ...@@ -32,42 +32,42 @@ public class FileUploadController extends BaseController {
public void SaveImg(HttpServletRequest request, MultipartFile file, HttpServletResponse response){ public void SaveImg(HttpServletRequest request, MultipartFile file, HttpServletResponse response){
try { try {
request.setCharacterEncoding("utf-8"); // request.setCharacterEncoding("utf-8");
response.setHeader("Content-Type", "text/html"); // response.setHeader("Content-Type", "text/html");
//F
// 转换为文件类型的request // // 转换为文件类型的request
MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request; // MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
Iterator<String> fileIterator = multipartRequest.getFileNames(); // Iterator<String> fileIterator = multipartRequest.getFileNames();
// 获取对应file对象 // // 获取对应file对象
Map<String, MultipartFile> fileMap = multipartRequest.getFileMap(); // Map<String, MultipartFile> fileMap = multipartRequest.getFileMap();
String fileKey = fileIterator.next(); // String fileKey = fileIterator.next();
// 获取对应文件 // // 获取对应文件
MultipartFile multipartFile = fileMap.get(fileKey); // MultipartFile multipartFile = fileMap.get(fileKey);
String fileName= multipartFile.getOriginalFilename(); // String fileName= multipartFile.getOriginalFilename();
//
// 文件安全验证 // // 文件安全验证
FileManipulation.validateFile(fileName); // FileManipulation.validateFile(fileName);
//
String url=fileService.upload(multipartFile,fileName); // String url=fileService.upload(multipartFile,fileName);
JSONObject js=new JSONObject(); // JSONObject js=new JSONObject();
//
js.put("message","success"); // js.put("message","success");
js.put("url",url); // js.put("url",url);
response.getWriter().write(js.toString()); // response.getWriter().write(js.toString());
} catch (Exception e) { } catch (Exception e) {
e.printStackTrace(); e.printStackTrace();
} }
} }
@RequestMapping(value = "/upload", method=RequestMethod.POST) @RequestMapping(value = "/upload", method=RequestMethod.POST)
public void upload(HttpServletRequest request, MultipartFile file, RedirectAttributes redirectAttributes, HttpServletResponse response) throws IOException{ public void upload(HttpServletRequest request, MultipartFile file, RedirectAttributes redirectAttributes, HttpServletResponse response) throws IOException{
String fileName= file.getOriginalFilename(); // String fileName= file.getOriginalFilename();
// 文件安全验证 // // 文件安全验证
FileManipulation.validateFile(fileName); // FileManipulation.validateFile(fileName);
String url=fileService.upload(file,fileName); // String url=fileService.upload(file,fileName);
JSONObject js=new JSONObject(); // JSONObject js=new JSONObject();
//
js.put("message","success"); // js.put("message","success");
js.put("url",url); // js.put("url",url);
response.getWriter().write(js.toString()); // response.getWriter().write(js.toString());
} }
} }
...@@ -71,72 +71,72 @@ public class DocumentService extends CrudService<DocumentDao, DocumentEntity> { ...@@ -71,72 +71,72 @@ public class DocumentService extends CrudService<DocumentDao, DocumentEntity> {
String moduleName,DocumentEntity documentEntity){ String moduleName,DocumentEntity documentEntity){
OutputStream os = null; OutputStream os = null;
ByteArrayOutputStream baos = null; ByteArrayOutputStream baos = null;
String PATH_FORMAt = GConstants.getValue("file.path.format", "{yyyy}{mm}{dd}"); // String PATH_FORMAt = GConstants.getValue("file.path.format", "{yyyy}{mm}{dd}");
try { try {
if(StringUtils.isBlank(originalFilename)){// 文件扩展名称不能为NULL // if(StringUtils.isBlank(originalFilename)){// 文件扩展名称不能为NULL
return null; // return null;
} // }
String extesionName = Util.getExtensionName(originalFilename); // String extesionName = Util.getExtensionName(originalFilename);
if(extesionName == null || extesionName.length() == 0){// 文件扩展名称不能为NULL // if(extesionName == null || extesionName.length() == 0){// 文件扩展名称不能为NULL
return null; // return null;
} // }
in = new BufferedInputStream(in); // in = new BufferedInputStream(in);
baos = new ByteArrayOutputStream(); // baos = new ByteArrayOutputStream();
byte[] buf = new byte[GConstants.BUFFER_SIZE]; // byte[] buf = new byte[GConstants.BUFFER_SIZE];
// 以写字节的方式写文件 // // 以写字节的方式写文件
int size = in.read(buf); // int size = in.read(buf);
while (size != -1) { // while (size != -1) {
baos.write(buf, 0, size); // baos.write(buf, 0, size);
size = in.read(buf); // size = in.read(buf);
} // }
byte[] data = baos.toByteArray(); // byte[] data = baos.toByteArray();
//
// byte[] data = IOUtils.toByteArray(in); //// byte[] data = IOUtils.toByteArray(in);
// 待扩展名称的MOD5 // // 待扩展名称的MOD5
String md5 = DigestUtils.md5Hex(data)+extesionName; // String md5 = DigestUtils.md5Hex(data)+extesionName;
String filesize=""; // String filesize="";
documentEntity.setFileName(originalFilename); // documentEntity.setFileName(originalFilename);
double d=data.length/1024; // double d=data.length/1024;
if(d>1023){ // if(d>1023){
d=d/1024; // d=d/1024;
DecimalFormat df =new DecimalFormat("#.00"); // DecimalFormat df =new DecimalFormat("#.00");
filesize=df.format(d)+"MB"; // filesize=df.format(d)+"MB";
}else{ // }else{
DecimalFormat df =new DecimalFormat("#0.0"); // DecimalFormat df =new DecimalFormat("#0.0");
filesize=df.format(d)+"KB"; // filesize=df.format(d)+"KB";
} // }
documentEntity.setFileSize(filesize ); // documentEntity.setFileSize(filesize );
documentEntity.setMd5(md5); // documentEntity.setMd5(md5);
documentEntity.setExtesion(extesionName); // documentEntity.setExtesion(extesionName);
if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面 // if(StringUtils.isBlank(moduleName)){// 如果没有传则默认保存到files下面
moduleName = "files"; // moduleName = "files";
} else{ // } else{
moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串 // moduleName = moduleName.replaceAll("^/+|/+$|[^0-9|a-z|A-Z|/]+", "");// 替换非法字符串
moduleName = moduleName.replaceAll("[\\|//]+", "/"); // moduleName = moduleName.replaceAll("[\\|//]+", "/");
if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面 // if(moduleName.length() == 0 || moduleName.length()>64)// 如果没有传则默认保存到files下面
moduleName = "files"; // moduleName = "files";
} // }
// 文件保存路径:基本路径+模块名称+日期 // // 文件保存路径:基本路径+模块名称+日期
String baseDatePath = PathFormatUtils.parse(PATH_FORMAt);//FORMAT.format(System.currentTimeMillis()); // String baseDatePath = PathFormatUtils.parse(PATH_FORMAt);//FORMAT.format(System.currentTimeMillis());
String basePath = moduleName+GConstants.FS+extesionName.replaceAll("\\.", "")+GConstants.FS; // String basePath = moduleName+GConstants.FS+extesionName.replaceAll("\\.", "")+GConstants.FS;
// 上传文件基本地址 // // 上传文件基本地址
File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath); // File baseUploadDir = new File(GConstants.FILE_UPLOAD_DIR, baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath);
// 验证文件安全 // // 验证文件安全
FileManipulation.validateFile(baseUploadDir.getPath()); // FileManipulation.validateFile(baseUploadDir.getPath());
if(!baseUploadDir.exists()){// 如果文件夹不存在则创建 // if(!baseUploadDir.exists()){// 如果文件夹不存在则创建
baseUploadDir.mkdirs(); // baseUploadDir.mkdirs();
} // }
documentEntity.setFilePath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5); // documentEntity.setFilePath(baseDatePath+GConstants.FS+GConstants.FILE_IMAGE_ACTUALS+GConstants.FS+basePath+md5);
//
// 文件保存地址 // // 文件保存地址
File uploadFilePath = new File(baseUploadDir, md5); // File uploadFilePath = new File(baseUploadDir, md5);
// 验证文件安全 // // 验证文件安全
FileManipulation.validateFile(uploadFilePath.getPath()); // FileManipulation.validateFile(uploadFilePath.getPath());
// 将数据保存到指定文件 // // 将数据保存到指定文件
os = new FileOutputStream(uploadFilePath); // os = new FileOutputStream(uploadFilePath);
os = new BufferedOutputStream(os); // os = new BufferedOutputStream(os);
os.write(data); // os.write(data);
os.flush(); // os.flush();
} catch (Exception e) { } catch (Exception e) {
// TODO: handle exception // TODO: handle exception
} finally { } finally {
......
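Review bot: With every statement inside the `try` commented out, this method keeps its signature but no longer writes the file or fills in `documentEntity` (the `setMd5`, `setFilePath` and `setFileSize` calls are gone), so a caller that still invokes it gets no sign that the upload was dropped. The unchanged `catch (Exception e) { // TODO: handle exception }` would hide a failure in any case. If the upload path is being retired, delete the body instead of leaving it as comments and fail loudly before the `try`, e.g. `throw new UnsupportedOperationException("file upload is disabled");`. The `os` and `baos` locals are then dead as well. The start of the signature and the `finally` block are outside the hunk, so the return value is not visible here.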
...@@ -73,21 +73,21 @@ public class DocumentController extends BaseController { ...@@ -73,21 +73,21 @@ public class DocumentController extends BaseController {
@RequiresPermissions("vrf:document:edit") @RequiresPermissions("vrf:document:edit")
@RequestMapping(value = "save") @RequestMapping(value = "save")
public String save(DocumentEntity documentEntity, MultipartFile file, HttpServletRequest request, Model model, RedirectAttributes redirectAttributes) { public String save(DocumentEntity documentEntity, MultipartFile file, HttpServletRequest request, Model model, RedirectAttributes redirectAttributes) {
if (!beanValidator(model, documentEntity)){ // if (!beanValidator(model, documentEntity)){
return form(documentEntity, model); // return form(documentEntity, model);
} // }
if(file.getSize()==0){ // if(file.getSize()==0){
addMessage(redirectAttributes, "保存失败,请上传文件后再进行保存"); // addMessage(redirectAttributes, "保存失败,请上传文件后再进行保存");
return "redirect:" + adminPath + "/verify/document/list?repage"; // return "redirect:" + adminPath + "/verify/document/list?repage";
} // }
FileManipulation.check(file.getOriginalFilename()); // FileManipulation.check(file.getOriginalFilename());
String fileName = file.getOriginalFilename(); // String fileName = file.getOriginalFilename();
try { try {
InputStream in=file.getInputStream(); // InputStream in=file.getInputStream();
String moduleName = "verify"; // String moduleName = "verify";
String sessionId = DigestUtils.md5Hex(Util.getRandom(100, 999)+":" // String sessionId = DigestUtils.md5Hex(Util.getRandom(100, 999)+":"
+System.currentTimeMillis()+":"+Util.getRandom(100, 999)); // +System.currentTimeMillis()+":"+Util.getRandom(100, 999));
documentEntity= documentService.addUploadFile(sessionId, in, "",fileName, moduleName,documentEntity); // documentEntity= documentService.addUploadFile(sessionId, in, "",fileName, moduleName,documentEntity);
} catch (Exception e) { } catch (Exception e) {
// TODO: handle exception // TODO: handle exception
...@@ -109,43 +109,43 @@ public class DocumentController extends BaseController { ...@@ -109,43 +109,43 @@ public class DocumentController extends BaseController {
@RequiresPermissions("vrf:sailingfile:edit") @RequiresPermissions("vrf:sailingfile:edit")
@RequestMapping(value = "/download", method=RequestMethod.GET) @RequestMapping(value = "/download", method=RequestMethod.GET)
public String download(HttpServletRequest request,HttpServletResponse response, RedirectAttributes redirectAttributes){ public String download(HttpServletRequest request,HttpServletResponse response, RedirectAttributes redirectAttributes){
String id=request.getParameter("id"); // String id=request.getParameter("id");
DocumentEntity documentEntity= documentService.get(id); // DocumentEntity documentEntity= documentService.get(id);
//获得请求文件名 // //获得请求文件名
String filename = documentEntity.getFileName(); // String filename = documentEntity.getFileName();
InputStream in = null; // InputStream in = null;
OutputStream out = null; // OutputStream out = null;
try { // try {
//
//
//设置文件MIME类型 // //设置文件MIME类型
response.setContentType(request.getServletContext().getMimeType(filename)); // response.setContentType(request.getServletContext().getMimeType(filename));
String downloadFileName=new String( filename.getBytes("gbk"),"ISO8859-1"); // String downloadFileName=new String( filename.getBytes("gbk"),"ISO8859-1");
//设置Content-Disposition // //设置Content-Disposition
response.setHeader("Content-Disposition", "attachment;filename="+downloadFileName); // response.setHeader("Content-Disposition", "attachment;filename="+downloadFileName);
//读取目标文件,通过response将目标文件写到客户端 // //读取目标文件,通过response将目标文件写到客户端
//获取目标文件的绝对路径 // //获取目标文件的绝对路径
String fullFileName = GConstants.FILE_UPLOAD_DIR+documentEntity.getFilePath(); // String fullFileName = GConstants.FILE_UPLOAD_DIR+documentEntity.getFilePath();
//System.out.println(fullFileName); // //System.out.println(fullFileName);
// 验证文件安全 // // 验证文件安全
fullFileName= FileManipulation.validateFile(fullFileName); // fullFileName= FileManipulation.validateFile(fullFileName);
//读取文件 并验证文件安全 // //读取文件 并验证文件安全
in = new FileInputStream(FileManipulation.validateFile(fullFileName)); // in = new FileInputStream(FileManipulation.validateFile(fullFileName));
out = response.getOutputStream(); // out = response.getOutputStream();
//
//写文件 // //写文件
int b; // int b;
while((b=in.read())!= -1) // while((b=in.read())!= -1)
{ // {
out.write(b); // out.write(b);
} // }
} catch (Exception e) { // } catch (Exception e) {
// TODO: handle exception // // TODO: handle exception
} finally{ // } finally{
IOUtils.closeQuietly(in); // IOUtils.closeQuietly(in);
IOUtils.closeQuietly(out); // IOUtils.closeQuietly(out);
} // }
//
return null; return null;
} }
} }
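Review bot: In `save`, the `beanValidator(model, documentEntity)` check and the empty-file check are commented out together with the upload call, so whatever follows the now-empty `try` (the rest of the method is outside the hunk) runs on an unvalidated `documentEntity` with no file attached. If that tail still persists the entity, the validation guard should stay active: `if (!beanValidator(model, documentEntity)) { return form(documentEntity, model); }`. `download` has the same shape: the mapping stays registered but the body is only `return null;`, so a client presumably gets an empty or default-view response rather than a clear refusal; `response.setStatus(HttpServletResponse.SC_GONE);` before the return, or removing the `@RequestMapping`, would make the disabled state explicit. In both methods the disabled code is better deleted than kept as comments, since the history already preserves it.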