尝试修复路径遍历的问题

11b7c72a · 黎配弘 · 480fbe41 · 11b7c72a
Commit 11b7c72a authored Oct 19, 2020 by 黎配弘
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 9 deletions

service-manager/src/main/java/com/winsun/controller/PackageController.java
+5 -9

No files found.
--- a/service-manager/src/main/java/com/winsun/controller/PackageController.java
+++ b/service-manager/src/main/java/com/winsun/controller/PackageController.java
@@ -186,21 +186,17 @@ public class PackageController extends BaseController {

    @Permission(menuname = "上传背景图", value = "backgroundUpload", method = RequestMethod.POST)
    public ResponseData<String> backgroundUpload(@RequestParam(value = "file") MultipartFile file, @RequestParam(value = "id", required = false) int id) {
-        String subfix = "";
-        String backgroundpath = FilePath.BACKGROUNDIMG.getValue() + "/" + DEFAULTPATH + "/";
+        StringBuilder basePath = new StringBuilder();
+        basePath.append(FilePath.BACKGROUNDIMG.getValue()).append(File.separator).append(DEFAULTPATH).append(File.separator);
        if (id < 1) {
            EntityWrapper<Package> packagewrapper = new EntityWrapper<>();
            packagewrapper.setSqlSelect("max(id) as id");
            List<Map<String, Object>> selectMaps = packageMapper.selectMaps(packagewrapper);
-            id = Integer.parseInt(selectMaps.get(0).get("id").toString());
-            Integer fileid = id + 1;
-            subfix = fileid.toString();
+            basePath.append(Integer.parseInt(selectMaps.get(0).get("id").toString()) + 1);
        } else {
-            subfix = String.valueOf(id);
+            basePath.append(id);
        }
-        backgroundpath = backgroundpath + subfix.replace(".", "").
-                replace("/", "").replace("\\", "");
-        File dir = new File(backgroundpath);
+        File dir = new File(basePath.toString());
        if (!dir.exists()) {
            dir.mkdirs();
        }