From 883b45f20125a16436a92b85646633a999bbcc70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=88=E7=B2=BE=E5=8D=8E?= <842761733@qq.com>
Date: Fri, 11 Nov 2022 10:14:12 +0800
Subject: [PATCH] =?UTF-8?q?=E4=B8=AD=E6=96=87URL=E5=8F=82=E6=95=B0?= =?UTF-8?q?=E8=A7=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../main/java/cn/keking/utils/WebUtils.java | 23 +++++++------
 .../controller/OnlinePreviewController.java | 9 +++-----
 2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/server/src/main/java/cn/keking/utils/WebUtils.java b/server/src/main/java/cn/keking/utils/WebUtils.java
index 5b04067a..80568f26 100644
--- a/server/src/main/java/cn/keking/utils/WebUtils.java
+++ b/server/src/main/java/cn/keking/utils/WebUtils.java
@@ -8,6 +8,7 @@ import javax.servlet.ServletRequest;
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.net.URLDecoder;
 import java.net.URLEncoder;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
@@ -157,16 +158,16 @@ public class WebUtils {
         String currentUrl = request.getParameter("currentUrl");
         String urlPath = request.getParameter("urlPath");
         if (StringUtils.isNotBlank(url)) {
-            return decodeBase64String(url);
+            return decodeUrl(url);
         }
         if (StringUtils.isNotBlank(currentUrl)) {
-            return decodeBase64String(currentUrl);
+            return decodeUrl(currentUrl);
         }
         if (StringUtils.isNotBlank(urlPath)) {
-            return decodeBase64String(urlPath);
+            return decodeUrl(urlPath);
         }
         if (StringUtils.isNotBlank(urls)) {
-            urls = decodeBase64String(urls);
+            urls = decodeUrl(urls);
             String[] images = urls.split("\\|");
             return images[0];
         }
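Review bot: A malformed percent-escape (a trailing `%`, a `%zz` pair) in any of the four parameters decoded here, `url`, `currentUrl`, `urlPath` or `urls`, now raises IllegalArgumentException out of decodeUrl, and nothing in this method catches it, whereas onlinePreview, picturesPreview and getCorsFile in the same patch wrap decodeUrl in catch (Exception). If this helper is reached from a request handler without such a catch, a bad parameter would surface as an unhandled exception instead of the not-supported page; a catch here, or at least a `@throws IllegalArgumentException` line in its Javadoc, would make the new contract explicit. The method's signature and its callers are outside the hunk, so whether a caller already handles this is not visible here.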
@@ -174,12 +175,20 @@ public class WebUtils {
     }
 
     /**
-     * 将 Base64 字符串解码,默认使用 UTF-8
+     * 将 Base64 字符串解码,再解码URL参数, 默认使用 UTF-8
      * @param source 原始 Base64 字符串
      * @return decoded string
+     *
+     * aHR0cHM6Ly9maWxlLmtla2luZy5jbi9kZW1vL%2BS4reaWhy5wcHR4 -> https://file.keking.cn/demo/%E4%B8%AD%E6%96%87.pptx -> https://file.keking.cn/demo/中文.pptx
      */
-    public static String decodeBase64String(String source) {
-        return decodeBase64String(source, StandardCharsets.UTF_8);
+    public static String decodeUrl(String source) {
+        String url = decodeBase64String(source, StandardCharsets.UTF_8);
+        try {
+            url = URLDecoder.decode(url, StandardCharsets.UTF_8.name());
+        } catch (UnsupportedEncodingException e) {
+            throw new RuntimeException(e);
+        }
+        return url;
     }
 
     /**
diff --git a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
index c2d09264..b30ec78e 100644
--- a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
+++ b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
@@ -56,7 +56,7 @@ public class OnlinePreviewController {
     public String onlinePreview(String url, Model model, HttpServletRequest req) {
         String fileUrl;
         try {
-            fileUrl = WebUtils.decodeBase64String(url);
+            fileUrl = WebUtils.decodeUrl(url);
         } catch (Exception ex) {
             String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "url");
             return otherFilePreview.notSupportedFile(model, errorMsg);
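Review bot: `URLDecoder.decode(url, StandardCharsets.UTF_8.name())` implements application/x-www-form-urlencoded, so besides resolving `%E4%B8%AD`-style escapes it turns every `+` into a space and throws IllegalArgumentException on an incomplete escape; applied unconditionally after base64 decoding, it silently alters any file URL whose path or query legitimately contains `+` or an escape that must stay encoded (a pre-encoded `%20` in a path, a signed-URL parameter), which the old decodeBase64String left intact. If only non-ASCII recovery is intended, either percent-decode without the `+` rule or state in the Javadoc that callers must form-encode the URL before base64-encoding it, and add that because this introduces an extra decoding layer, every scheme/host check a caller performs must run on the returned value rather than on the raw parameter. The Javadoc example does not match the code: the base64 shown decodes directly to the UTF-8 string `https://file.keking.cn/demo/中文.pptx`, so the intermediate `%E4%B8%AD…` form never arises for that input, and the `%2B` inside the token is presumably query-string encoding that the container has already removed by the time the value reaches this method. The catch of UnsupportedEncodingException is unreachable for a constant charset name; if the project targets Java 10 or later, `url = URLDecoder.decode(url, StandardCharsets.UTF_8);` removes the try/catch and the RuntimeException wrapper.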
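Review bot: The catch (Exception ex) around `fileUrl = WebUtils.decodeUrl(url);` now also absorbs the IllegalArgumentException that URLDecoder raises on a malformed percent-escape, yet reports it with BASE64_DECODE_ERROR_MSG, so the user is told base64 decoding failed when the URL encoding was the problem; a message that names both decoding steps, or a separate catch for IllegalArgumentException, would keep the diagnosis accurate. The same applies to the catch blocks in picturesPreview and getCorsFile in the following hunks. `ex` is dropped without being logged, which predates this change but now hides two distinct failure causes. onlinePreview continues beyond the hunk.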
@@ -72,20 +72,18 @@ public class OnlinePreviewController {
     public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException {
         String fileUrls;
         try {
-            fileUrls = WebUtils.decodeBase64String(urls);
+            fileUrls = WebUtils.decodeUrl(urls);
             // 防止XSS攻击
             fileUrls = HtmlUtils.htmlEscape(fileUrls);
         } catch (Exception ex) {
             String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "urls");
             return otherFilePreview.notSupportedFile(model, errorMsg);
         }
-        logger.info("预览文件url:{},urls:{}", fileUrls, urls);
         // 抽取文件并返回文件列表
         String[] images = fileUrls.split("\\|");
         List imgUrls = Arrays.asList(images);
         model.addAttribute("imgUrls", imgUrls);
-
         String currentUrl = req.getParameter("currentUrl");
         if (StringUtils.hasText(currentUrl)) {
             String decodedCurrentUrl = new String(Base64.decodeBase64(currentUrl));
@@ -106,7 +104,7 @@ public class OnlinePreviewController {
     @GetMapping("/getCorsFile")
     public void getCorsFile(String urlPath, HttpServletResponse response) {
         try {
-            urlPath = WebUtils.decodeBase64String(urlPath);
+            urlPath = WebUtils.decodeUrl(urlPath);
         } catch (Exception ex) {
             logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex);
             return;
@@ -116,7 +114,6 @@ public class OnlinePreviewController {
             logger.info("读取跨域文件异常,可能存在非法访问,urlPath:{}", urlPath);
             return;
         }
-        logger.info("下载跨域pdf文件url:{}", urlPath);
         try {
             URL url = WebUtils.normalizedURL(urlPath);
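Review bot: `currentUrl` on the last hunk line is still decoded with `Base64.decodeBase64(currentUrl)` and `new String(byte[])` under the platform default charset, while `urls` in the same handler now goes through WebUtils.decodeUrl, so a currentUrl holding non-ASCII or percent-encoded characters decodes differently from the matching imgUrls entry and, if the two are compared further down, will not match; `String decodedCurrentUrl = WebUtils.decodeUrl(currentUrl);` keeps both parameters on one decoder and fixes the charset at UTF-8. Note that fileUrls is HTML-escaped before the split, so imgUrls holds escaped strings whereas decodedCurrentUrl would be raw; whether that matters depends on the comparison, which lies outside the hunk. `List imgUrls` is a raw type; `List<String> imgUrls = Arrays.asList(images);` is the equivalent typed form. picturesPreview continues beyond the hunk.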
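Review bot: The catch after `urlPath = WebUtils.decodeUrl(urlPath);` formats BASE64_DECODE_ERROR_MSG with the raw parameter value, whereas onlinePreview and picturesPreview pass the parameter name (`"url"`, `"urls"`); besides the inconsistency, this writes unvalidated request input verbatim into the error log. `logger.error(String.format(BASE64_DECODE_ERROR_MSG, "urlPath"), ex);` matches the other callers and keeps untrusted input out of the message while still attaching the cause. getCorsFile continues beyond the hunk.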