wangtao
/
file-online-preview
mirror of https://gitee.com/kekingcn/file-online-preview.git
1
0
Fork 0
Code Issues Releases Wiki Activity

中文URL参数解码

This commit is contained in:
陈精华 2022-11-11 10:14:12 +08:00
parent 8fb32e4f73
commit 883b45f201
2 changed files with 19 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
server/src/main/java/cn/keking/utils/WebUtils.java
View File

@ -8,6 +8,7 @@ import javax.servlet.ServletRequest;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
@ -157,16 +158,16 @@ public class WebUtils {
String currentUrl = request.getParameter("currentUrl");
String urlPath = request.getParameter("urlPath");
if (StringUtils.isNotBlank(url)) {
return decodeBase64String(url);
return decodeUrl(url);
}
if (StringUtils.isNotBlank(currentUrl)) {
return decodeBase64String(currentUrl);
return decodeUrl(currentUrl);
}
if (StringUtils.isNotBlank(urlPath)) {
return decodeBase64String(urlPath);
return decodeUrl(urlPath);
}
if (StringUtils.isNotBlank(urls)) {
urls = decodeBase64String(urls);
urls = decodeUrl(urls);
String[] images = urls.split("\\|");
return images[0];
}
@ -174,12 +175,20 @@ public class WebUtils {
}
/**
* Base64 字符串解码默认使用 UTF-8
* Base64 字符串解码再解码URL参数, 默认使用 UTF-8
* @param source 原始 Base64 字符串
* @return decoded string
*
* aHR0cHM6Ly9maWxlLmtla2luZy5jbi9kZW1vL%2BS4reaWhy5wcHR4 -> https://file.keking.cn/demo/%E4%B8%AD%E6%96%87.pptx -> https://file.keking.cn/demo/中文.pptx
*/
public static String decodeBase64String(String source) {
return decodeBase64String(source, StandardCharsets.UTF_8);
public static String decodeUrl(String source) {
String url = decodeBase64String(source, StandardCharsets.UTF_8);
try {
url = URLDecoder.decode(url, StandardCharsets.UTF_8.name());
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
return url;
}
/**

9
server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
View File

@ -56,7 +56,7 @@ public class OnlinePreviewController {
public String onlinePreview(String url, Model model, HttpServletRequest req) {
String fileUrl;
try {
fileUrl = WebUtils.decodeBase64String(url);
fileUrl = WebUtils.decodeUrl(url);
} catch (Exception ex) {
String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "url");
return otherFilePreview.notSupportedFile(model, errorMsg);
@ -72,20 +72,18 @@ public class OnlinePreviewController {
public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException {
String fileUrls;
try {
fileUrls = WebUtils.decodeBase64String(urls);
fileUrls = WebUtils.decodeUrl(urls);
// 防止XSS攻击
fileUrls = HtmlUtils.htmlEscape(fileUrls);
} catch (Exception ex) {
String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "urls");
return otherFilePreview.notSupportedFile(model, errorMsg);
}
logger.info("预览文件url{}urls{}", fileUrls, urls);
// 抽取文件并返回文件列表
String[] images = fileUrls.split("\\|");
List<String> imgUrls = Arrays.asList(images);
model.addAttribute("imgUrls", imgUrls);
String currentUrl = req.getParameter("currentUrl");
if (StringUtils.hasText(currentUrl)) {
String decodedCurrentUrl = new String(Base64.decodeBase64(currentUrl));
@ -106,7 +104,7 @@ public class OnlinePreviewController {
@GetMapping("/getCorsFile")
public void getCorsFile(String urlPath, HttpServletResponse response) {
try {
urlPath = WebUtils.decodeBase64String(urlPath);
urlPath = WebUtils.decodeUrl(urlPath);
} catch (Exception ex) {
logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex);
return;
@ -116,7 +114,6 @@ public class OnlinePreviewController {
logger.info("读取跨域文件异常可能存在非法访问urlPath{}", urlPath);
return;
}
logger.info("下载跨域pdf文件url{}", urlPath);
try {
URL url = WebUtils.normalizedURL(urlPath);