中文URL参数解码

陈精华
2022-11-11 10:14:12 +08:00
parent 8fb32e4f73
commit 883b45f201
2 changed files with 19 additions and 13 deletions


@@ -56,7 +56,7 @@ public class OnlinePreviewController {
public String onlinePreview(String url, Model model, HttpServletRequest req) {
String fileUrl;
try {
fileUrl = WebUtils.decodeBase64String(url);
fileUrl = WebUtils.decodeUrl(url);
} catch (Exception ex) {
String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "url");
return otherFilePreview.notSupportedFile(model, errorMsg);
@@ -72,20 +72,18 @@ public class OnlinePreviewController {
public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException {
String fileUrls;
try {
fileUrls = WebUtils.decodeBase64String(urls);
fileUrls = WebUtils.decodeUrl(urls);
// 防止XSS攻击
fileUrls = HtmlUtils.htmlEscape(fileUrls);
} catch (Exception ex) {
String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "urls");
return otherFilePreview.notSupportedFile(model, errorMsg);
}
logger.info("预览文件url{}urls{}", fileUrls, urls);
// 抽取文件并返回文件列表
String[] images = fileUrls.split("\\|");
List<String> imgUrls = Arrays.asList(images);
model.addAttribute("imgUrls", imgUrls);
String currentUrl = req.getParameter("currentUrl");
if (StringUtils.hasText(currentUrl)) {
String decodedCurrentUrl = new String(Base64.decodeBase64(currentUrl));
@@ -106,7 +104,7 @@ public class OnlinePreviewController {
@GetMapping("/getCorsFile")
public void getCorsFile(String urlPath, HttpServletResponse response) {
try {
urlPath = WebUtils.decodeBase64String(urlPath);
urlPath = WebUtils.decodeUrl(urlPath);
} catch (Exception ex) {
logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex);
return;
@@ -116,7 +114,6 @@ public class OnlinePreviewController {
logger.info("读取跨域文件异常可能存在非法访问urlPath{}", urlPath);
return;
}
logger.info("下载跨域pdf文件url{}", urlPath);
try {
URL url = WebUtils.normalizedURL(urlPath);
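Review bot: In `getCorsFile` the result of `WebUtils.decodeUrl(urlPath)` is passed to `WebUtils.normalizedURL(urlPath)` and, judging by the `下载跨域pdf文件url` log line, downloaded by the server, so the new decoder is now part of this endpoint's input validation and its contract should be stated at the call site. `decodeUrl` is defined outside this section; if it accepts anything other than strict Base64 (for example by falling back to the raw parameter), the catch block no longer rejects malformed input, and the only guard left is the check above the `读取跨域文件异常` log line, whose condition is outside the hunk. I would add a comment such as `// decodeUrl must throw on malformed input; the decoded value is caller-controlled and is fetched below, so scheme and host are validated before use`, and confirm that the check also rejects loopback and internal addresses. The same comment belongs at the `decodeUrl` calls in `onlinePreview` and `picturesPreview`, whose bodies also continue outside their hunks. All three catch blocks still report `BASE64_DECODE_ERROR_MSG`, which may no longer describe the failure once the decoder handles more than Base64.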