中文URL参数解码

This commit is contained in:
陈精华 2022-11-11 10:14:12 +08:00
parent 8fb32e4f73
commit 883b45f201
2 changed files with 19 additions and 13 deletions


@ -8,6 +8,7 @@ import javax.servlet.ServletRequest;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.net.URL; import java.net.URL;
import java.net.URLDecoder;
import java.net.URLEncoder; import java.net.URLEncoder;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
@ -157,16 +158,16 @@ public class WebUtils {
String currentUrl = request.getParameter("currentUrl"); String currentUrl = request.getParameter("currentUrl");
String urlPath = request.getParameter("urlPath"); String urlPath = request.getParameter("urlPath");
if (StringUtils.isNotBlank(url)) { if (StringUtils.isNotBlank(url)) {
return decodeBase64String(url); return decodeUrl(url);
} }
if (StringUtils.isNotBlank(currentUrl)) { if (StringUtils.isNotBlank(currentUrl)) {
return decodeBase64String(currentUrl); return decodeUrl(currentUrl);
} }
if (StringUtils.isNotBlank(urlPath)) { if (StringUtils.isNotBlank(urlPath)) {
return decodeBase64String(urlPath); return decodeUrl(urlPath);
} }
if (StringUtils.isNotBlank(urls)) { if (StringUtils.isNotBlank(urls)) {
urls = decodeBase64String(urls); urls = decodeUrl(urls);
String[] images = urls.split("\\|"); String[] images = urls.split("\\|");
return images[0]; return images[0];
} }
@ -174,12 +175,20 @@ public class WebUtils {
} }
/** /**
* Base64 字符串解码默认使用 UTF-8 * Base64 字符串解码再解码URL参数, 默认使用 UTF-8
* @param source 原始 Base64 字符串 * @param source 原始 Base64 字符串
* @return decoded string * @return decoded string
*
* aHR0cHM6Ly9maWxlLmtla2luZy5jbi9kZW1vL%2BS4reaWhy5wcHR4 -> https://file.keking.cn/demo/%E4%B8%AD%E6%96%87.pptx -> https://file.keking.cn/demo/中文.pptx
*/ */
public static String decodeBase64String(String source) { public static String decodeUrl(String source) {
return decodeBase64String(source, StandardCharsets.UTF_8); String url = decodeBase64String(source, StandardCharsets.UTF_8);
try {
url = URLDecoder.decode(url, StandardCharsets.UTF_8.name());
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
return url;
} }
/** /**
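Review bot: The new `decodeUrl` applies `URLDecoder.decode` to the whole base64-decoded string, and that call also turns a literal `+` into a space and decodes every `%XX` that was meant to stay encoded, so a URL whose query value legitimately contains `+`, `%26`, `%23` or `%7C` now decodes to a different URL than the caller supplied; the worked example on the line above only covers the path case, and `%7C` becoming `|` also changes the `urls.split("\\|")` in the earlier hunk. A malformed escape such as a bare `%` makes `URLDecoder.decode` throw `IllegalArgumentException`, not the `UnsupportedEncodingException` handled here, which callers then report as a Base64 error. The Javadoc should state the contract, e.g. `* Note: the input URL must be percent-encoded exactly once; '+' is decoded to a space and every %XX sequence is decoded.` If the project targets Java 10 or later, `url = URLDecoder.decode(url, StandardCharsets.UTF_8);` removes the checked exception and the `RuntimeException` wrapper.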


@ -56,7 +56,7 @@ public class OnlinePreviewController {
public String onlinePreview(String url, Model model, HttpServletRequest req) { public String onlinePreview(String url, Model model, HttpServletRequest req) {
String fileUrl; String fileUrl;
try { try {
fileUrl = WebUtils.decodeBase64String(url); fileUrl = WebUtils.decodeUrl(url);
} catch (Exception ex) { } catch (Exception ex) {
String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "url"); String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "url");
return otherFilePreview.notSupportedFile(model, errorMsg); return otherFilePreview.notSupportedFile(model, errorMsg);
@ -72,20 +72,18 @@ public class OnlinePreviewController {
public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException { public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException {
String fileUrls; String fileUrls;
try { try {
fileUrls = WebUtils.decodeBase64String(urls); fileUrls = WebUtils.decodeUrl(urls);
// 防止XSS攻击 // 防止XSS攻击
fileUrls = HtmlUtils.htmlEscape(fileUrls); fileUrls = HtmlUtils.htmlEscape(fileUrls);
} catch (Exception ex) { } catch (Exception ex) {
String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "urls"); String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "urls");
return otherFilePreview.notSupportedFile(model, errorMsg); return otherFilePreview.notSupportedFile(model, errorMsg);
} }
logger.info("预览文件url{}urls{}", fileUrls, urls); logger.info("预览文件url{}urls{}", fileUrls, urls);
// 抽取文件并返回文件列表 // 抽取文件并返回文件列表
String[] images = fileUrls.split("\\|"); String[] images = fileUrls.split("\\|");
List<String> imgUrls = Arrays.asList(images); List<String> imgUrls = Arrays.asList(images);
model.addAttribute("imgUrls", imgUrls); model.addAttribute("imgUrls", imgUrls);
String currentUrl = req.getParameter("currentUrl"); String currentUrl = req.getParameter("currentUrl");
if (StringUtils.hasText(currentUrl)) { if (StringUtils.hasText(currentUrl)) {
String decodedCurrentUrl = new String(Base64.decodeBase64(currentUrl)); String decodedCurrentUrl = new String(Base64.decodeBase64(currentUrl));
@ -106,7 +104,7 @@ public class OnlinePreviewController {
@GetMapping("/getCorsFile") @GetMapping("/getCorsFile")
public void getCorsFile(String urlPath, HttpServletResponse response) { public void getCorsFile(String urlPath, HttpServletResponse response) {
try { try {
urlPath = WebUtils.decodeBase64String(urlPath); urlPath = WebUtils.decodeUrl(urlPath);
} catch (Exception ex) { } catch (Exception ex) {
logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex); logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex);
return; return;
@ -116,7 +114,6 @@ public class OnlinePreviewController {
logger.info("读取跨域文件异常可能存在非法访问urlPath{}", urlPath); logger.info("读取跨域文件异常可能存在非法访问urlPath{}", urlPath);
return; return;
} }
logger.info("下载跨域pdf文件url{}", urlPath); logger.info("下载跨域pdf文件url{}", urlPath);
try { try {
URL url = WebUtils.normalizedURL(urlPath); URL url = WebUtils.normalizedURL(urlPath);
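Review bot: The `currentUrl` parameter in `picturesPreview` is still decoded with `new String(Base64.decodeBase64(currentUrl))` on the context line near the end of the second hunk, with no charset and no URL decoding, so a `currentUrl` containing Chinese characters takes a different path than `url` and `urls`, while `WebUtils` in the other file already routes `currentUrl` through `decodeUrl`; `String decodedCurrentUrl = WebUtils.decodeUrl(currentUrl);` would make the three parameters consistent. Also, the `catch (Exception ex)` blocks around each `decodeUrl` call now also catch the `IllegalArgumentException` that `URLDecoder` throws for a malformed `%` sequence but still report `BASE64_DECODE_ERROR_MSG`, so the logged message no longer names the actual failure. The bodies of `picturesPreview` and `getCorsFile` continue outside the hunks.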