尝试修复路径遍历

a09b3090 · 黎配弘 · 0442250b · a09b3090 · a09b3090 · a09b3090
Commit a09b3090 authored Oct 19, 2020 by 黎配弘
3 changed files
--- a/common/src/main/java/com/winsun/utils/FileUtil.java
+++ b/common/src/main/java/com/winsun/utils/FileUtil.java
@@ -17,7 +17,7 @@ import java.io.OutputStream;
 public class FileUtil {

    //写到相应路径
-    public  static boolean makefile(String path, MultipartFile file,String filename){
+    /*public  static boolean makefile(String path, MultipartFile file,String filename){

        File dir = new File(path);
        if (!dir.exists()) {
@@ -40,9 +40,9 @@ public class FileUtil {
            }
        }
        return true;
-    }
+    }*/

-    public  static boolean makefile1(String path, MultipartFile file,String filename){
+    /*public  static boolean makefile1(String path, MultipartFile file,String filename){
        File dir = new File(path);
        if (!dir.exists()) {
            dir.mkdirs();
@@ -62,5 +62,5 @@ public class FileUtil {
            }
        }
        return true;
-    }
+    }*/
 }
--- a/service-manager/src/main/java/com/winsun/controller/PackageController.java
+++ b/service-manager/src/main/java/com/winsun/controller/PackageController.java
@@ -12,7 +12,6 @@ import com.winsun.bean.SchoolPackage;
 import com.winsun.constant.FilePath;
 import com.winsun.mapper.PackageMapper;
 import com.winsun.mapper.SchoolPackageMapper;
-import com.winsun.utils.FileUtil;
 import com.winsun.utils.MyBatisPlusUpdateUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
@@ -23,6 +22,9 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;

+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -42,22 +44,21 @@ public class PackageController extends BaseController {
    private static SchoolPackageMapper schoolPackageMapper;

    //默认路径
-    private static String   DEFAULTPATH="/images/pkg/";
+    private static String DEFAULTPATH = "/images/pkg/";


-    private static String FILENAME="adv_img.jpg";
+    private static String FILENAME = "adv_img.jpg";

-    private static String XIAOTUFILENAME="logo.png";
+    private static String XIAOTUFILENAME = "logo.png";


    @Autowired
-    public PackageController(PackageMapper packageMapper,SchoolPackageMapper schoolPackageMapper) {
+    public PackageController(PackageMapper packageMapper, SchoolPackageMapper schoolPackageMapper) {
        PackageController.packageMapper = packageMapper;
        PackageController.schoolPackageMapper = schoolPackageMapper;
    }

    /**
-     *
     * @param id
     * @param packageName
     * @param name
@@ -71,7 +72,7 @@ public class PackageController extends BaseController {
     * @return
     */
    @Permission(menuname = "添加套餐信息", value = "insert", method = RequestMethod.POST)
-    public ResponseData<String> insertPackage(@RequestParam("id") String id,@RequestParam("packageName") String packageName, @RequestParam("name") String name, @RequestParam("isXbCard") int isXbCard
+    public ResponseData<String> insertPackage(@RequestParam("id") String id, @RequestParam("packageName") String packageName, @RequestParam("name") String name, @RequestParam("isXbCard") int isXbCard
            , @RequestParam("monthFee") String monthFee, @RequestParam("flow") String flow, @RequestParam("voice") String voice
            , @RequestParam("xbId") String xbId, @RequestParam("warmTip") String warmTip, @RequestParam("explains") String explains) {
        Package aPackage = new Package();
@@ -85,22 +86,21 @@ public class PackageController extends BaseController {
        aPackage.setWarmTip(warmTip);
        aPackage.setExplains(explains);
        Integer insert = packageMapper.insert(aPackage);
-        if (insert==1){
+        if (insert == 1) {

            EntityWrapper<Package> packagewrapper = new EntityWrapper<>();
-            packagewrapper.eq("id",aPackage.getId());
-            String  backgroundpath= DEFAULTPATH+ aPackage.getId()+"/"+FILENAME;
-            String logopath =  DEFAULTPATH+ aPackage.getId()+"/"+XIAOTUFILENAME;
-            packageMapper.updateForSet("adv_img ='"+backgroundpath+"' ,  logo= '" +logopath+"'"  ,packagewrapper);
-            log.info("套餐信息新增完毕,id: {}",aPackage.getId());
+            packagewrapper.eq("id", aPackage.getId());
+            String backgroundpath = DEFAULTPATH + aPackage.getId() + "/" + FILENAME;
+            String logopath = DEFAULTPATH + aPackage.getId() + "/" + XIAOTUFILENAME;
+            packageMapper.updateForSet("adv_img ='" + backgroundpath + "' ,  logo= '" + logopath + "'", packagewrapper);
+            log.info("套餐信息新增完毕,id: {}", aPackage.getId());
            return ResponseData.success("新增完毕！");
        }
-        log.info("套餐信息新增失败,id: {}",aPackage.getId());
+        log.info("套餐信息新增失败,id: {}", aPackage.getId());
        return ResponseData.success("新增失败！");
    }

    /**
-     *
     * @param id
     * @return
     */
@@ -109,18 +109,17 @@ public class PackageController extends BaseController {
        Integer integer = packageMapper.deleteById(id);
        //删除中间表信息
        EntityWrapper<SchoolPackage> schoolPackagewrapper = new EntityWrapper<>();
-        schoolPackagewrapper.eq("package_id",id);
+        schoolPackagewrapper.eq("package_id", id);
        schoolPackageMapper.delete(schoolPackagewrapper);
-        if (integer==1){
-            log.info("套餐信息删除完毕,删除id: {}",id);
+        if (integer == 1) {
+            log.info("套餐信息删除完毕,删除id: {}", id);
            return ResponseData.success("删除完毕！");
        }
-        log.info("套餐信息删除失败,删除id: {}",id);
+        log.info("套餐信息删除失败,删除id: {}", id);
        return ResponseData.success("删除失败！");
    }

    /**
-     *
     * @param id
     * @param packageName
     * @param name
@@ -134,7 +133,7 @@ public class PackageController extends BaseController {
     * @return
     */
    @Permission(menuname = "修改套餐信息", value = "update", method = RequestMethod.POST)
-    public ResponseData<String> updatePackage(@RequestParam("id") String id,@RequestParam("packageName") String packageName, @RequestParam("name") String name, @RequestParam("isXbCard") String isXbCard
+    public ResponseData<String> updatePackage(@RequestParam("id") String id, @RequestParam("packageName") String packageName, @RequestParam("name") String name, @RequestParam("isXbCard") String isXbCard
            , @RequestParam("monthFee") String monthFee, @RequestParam("flow") String flow, @RequestParam("voice") String voice
            , @RequestParam("xbId") String xbId, @RequestParam("warmTip") String warmTip, @RequestParam("explains") String explains) {

@@ -151,10 +150,10 @@ public class PackageController extends BaseController {
        dataMapping.put("warm_tip", warmTip);
        dataMapping.put("explains", explains);
        Integer integer = packageMapper.updateForSet(MyBatisPlusUpdateUtils.toUpdateSet(dataMapping), wrapper);
-        if (integer==1){
+        if (integer == 1) {
            log.info("成功修改完毕套餐信息");
            return ResponseData.success("修改完毕！");
-        }else{
+        } else {
            log.info("修改失败套餐信息");
            return ResponseData.error("修改失败！");
        }
@@ -173,11 +172,11 @@ public class PackageController extends BaseController {
    }

    @Permission(menuname = "套餐全称列表", value = "packageAllList", method = RequestMethod.POST)
-    public ResponseData<List<String>>packageAll() {
+    public ResponseData<List<String>> packageAll() {
        ArrayList<String> arrayList = new ArrayList<>();
        final List<Map<String, Object>> maps = packageMapper.packageAll();
        for (Map<String, Object> map : maps) {
-            if (map!=null){
+            if (map != null) {
                arrayList.add(map.get("cdmaDiscDesc").toString());
            }
        }
@@ -186,50 +185,82 @@ public class PackageController extends BaseController {


    @Permission(menuname = "上传背景图", value = "backgroundUpload", method = RequestMethod.POST)
-    public ResponseData<String>backgroundUpload(@RequestParam(value = "file") MultipartFile file,@RequestParam(value = "id",required = false) String id) {
+    public ResponseData<String> backgroundUpload(@RequestParam(value = "file") MultipartFile file, @RequestParam(value = "id", required = false) String id) {
        String subfix = "";
-        String  backgroundpath= FilePath.BACKGROUNDIMG.getValue()+"/"+DEFAULTPATH+"/";
-        if (StringUtils.isBlank(id)){
+        String backgroundpath = FilePath.BACKGROUNDIMG.getValue() + "/" + DEFAULTPATH + "/";
+        if (StringUtils.isBlank(id)) {
            EntityWrapper<Package> packagewrapper = new EntityWrapper<>();
            packagewrapper.setSqlSelect("max(id) as id");
            List<Map<String, Object>> selectMaps = packageMapper.selectMaps(packagewrapper);
            id = selectMaps.get(0).get("id").toString();
-            Integer fileid = Integer.valueOf(id)+1;
+            Integer fileid = Integer.valueOf(id) + 1;
            subfix = fileid.toString();
-        }else {
+        } else {
            subfix = id;
        }
        backgroundpath = backgroundpath + subfix.replace(".", "").
-                replace("/","")
-                .replace("\\","");
-        boolean makefile = FileUtil.makefile(backgroundpath, file,FILENAME);
-        if (!makefile){
-            return ResponseData.error("上传失败！");
+                replace("/", "").replace("\\", "");
+        File dir = new File(backgroundpath);
+        if (!dir.exists()) {
+            dir.mkdirs();
        }
-        return ResponseData.success("上传成功" );
+        File savePath = new File(dir, FILENAME);
+        OutputStream os = null;
+        try {
+            os = new FileOutputStream(savePath);
+            os.write(file.getBytes());
+            os.flush();
+            return ResponseData.success("上传成功");
+        } catch (Exception e) {
+            log.error("上传文件失败：" + e.getMessage(), e);
+            return ResponseData.error("上传失败！" + e.getMessage());
+        } finally {
+            if (os != null) {
+                try {
+                    os.close();
+                } catch (Exception e) {
                }
+            }
+        }
+    }
+
    //xiaotudUpload
    @Permission(menuname = "上传小图", value = "xiaotuUpload", method = RequestMethod.POST)
-    public ResponseData<String>xiaotuUpload(@RequestParam(value = "file") MultipartFile file,@RequestParam(value = "id",required = false) String id) {
+    public ResponseData<String> xiaotuUpload(@RequestParam(value = "file") MultipartFile file, @RequestParam(value = "id", required = false) String id) {
        String subfix = "";
-        String  backgroundpath= FilePath.BACKGROUNDIMG.getValue()+"/"+DEFAULTPATH+"/";
-        if (StringUtils.isBlank(id)){
+        String backgroundpath = FilePath.BACKGROUNDIMG.getValue() + "/" + DEFAULTPATH + "/";
+        if (StringUtils.isBlank(id)) {
            EntityWrapper<Package> packagewrapper = new EntityWrapper<>();
            packagewrapper.setSqlSelect("max(id) as id");
            List<Map<String, Object>> selectMaps = packageMapper.selectMaps(packagewrapper);
            id = selectMaps.get(0).get("id").toString();
-            Integer fileid = Integer.valueOf(id)+1;
+            Integer fileid = Integer.valueOf(id) + 1;
            subfix = fileid.toString();
-        }else {
+        } else {
            subfix = id;
        }
-        boolean makefile = FileUtil.makefile(backgroundpath, file,XIAOTUFILENAME);
-        if (!makefile){
-            return ResponseData.error("上传失败！");
-        }
-        return ResponseData.success("上传成功" );
+        File dir = new File(backgroundpath);
+        if (!dir.exists()) {
+            dir.mkdirs();
        }
+        File savePath = new File(dir, XIAOTUFILENAME);
+        OutputStream os = null;
+        try {
+            os = new FileOutputStream(savePath);
+            os.write(file.getBytes());
+            os.flush();

-
-
+            return ResponseData.success("上传成功");
+        } catch (Exception e) {
+            log.error("上传文件失败：" + e.getMessage(), e);
+            return ResponseData.error("上传失败！" + e.getMessage());
+        } finally {
+            if (os != null) {
+                try {
+                    os.close();
+                } catch (Exception e) {
+                }
+            }
+        }
+    }
 }
--- a/service-manager/src/main/java/com/winsun/controller/SchoolManagementController.java
+++ b/service-manager/src/main/java/com/winsun/controller/SchoolManagementController.java
@@ -29,6 +29,9 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;

+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -244,8 +247,18 @@ public class SchoolManagementController extends BaseController {

    @Permission(menuname = "上传二维码", value = "qrcodeUpload", method = RequestMethod.POST)
    public ResponseData<String>xiaotuUpload(@RequestParam(value = "file") MultipartFile file, @RequestParam(value = "id",required = false) String id) {
-        String  backgroundpath= FilePath.BACKGROUNDIMG.getValue()+"/"+DEFAULTPATH;
-        boolean makefile = FileUtil.makefile(backgroundpath, file,id+FILENAME);
+        String  backgroundpath = FilePath.BACKGROUNDIMG.getValue() + "/" + DEFAULTPATH;
+        File dir = new File(backgroundpath);
+        if (!dir.exists()) {
+            dir.mkdirs();
+        }
+        File savePath = new File(backgroundpath, id + FILENAME);
+        OutputStream os = null;
+        try {
+            os = new FileOutputStream(savePath);
+            os.write(file.getBytes());
+            os.flush();
+
            Wrapper<School> wrapper = new EntityWrapper<>();
            wrapper.eq("id",id);
            Map<String, Object> map = new HashMap<>();
@@ -255,6 +268,16 @@ public class SchoolManagementController extends BaseController {
                return ResponseData.error("上传失败！");
            }
            return ResponseData.success("上传成功" );
+        } catch (Exception e) {
+            log.error("上传文件失败：" + e.getMessage(), e);
+            return ResponseData.error("上传失败" + e.getMessage());
+        } finally {
+            if (os != null) {
+                try{
+                    os.close();
+                }catch(Exception e) {}
+            }
+        }
    }