Commit a09b3090 by 黎配弘

尝试修复路径遍历

parent 0442250b
...@@ -17,7 +17,7 @@ import java.io.OutputStream; ...@@ -17,7 +17,7 @@ import java.io.OutputStream;
public class FileUtil { public class FileUtil {
//写到相应路径 //写到相应路径
public static boolean makefile(String path, MultipartFile file,String filename){ /*public static boolean makefile(String path, MultipartFile file,String filename){
File dir = new File(path); File dir = new File(path);
if (!dir.exists()) { if (!dir.exists()) {
...@@ -40,9 +40,9 @@ public class FileUtil { ...@@ -40,9 +40,9 @@ public class FileUtil {
} }
} }
return true; return true;
} }*/
public static boolean makefile1(String path, MultipartFile file,String filename){ /*public static boolean makefile1(String path, MultipartFile file,String filename){
File dir = new File(path); File dir = new File(path);
if (!dir.exists()) { if (!dir.exists()) {
dir.mkdirs(); dir.mkdirs();
...@@ -62,5 +62,5 @@ public class FileUtil { ...@@ -62,5 +62,5 @@ public class FileUtil {
} }
} }
return true; return true;
} }*/
} }
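Review bot: `makefile` and `makefile1` are disabled by wrapping them in `/* … */` instead of being removed, which leaves dead code in `FileUtil` and moves the file-write logic into each controller, so any path check now has to be repeated at every call site. Deleting the two methods outright, or keeping a single helper that resolves the target and rejects anything outside the base directory, would keep the check in one place. Both method bodies are only partly visible on this page.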
...@@ -12,7 +12,6 @@ import com.winsun.bean.SchoolPackage; ...@@ -12,7 +12,6 @@ import com.winsun.bean.SchoolPackage;
import com.winsun.constant.FilePath; import com.winsun.constant.FilePath;
import com.winsun.mapper.PackageMapper; import com.winsun.mapper.PackageMapper;
import com.winsun.mapper.SchoolPackageMapper; import com.winsun.mapper.SchoolPackageMapper;
import com.winsun.utils.FileUtil;
import com.winsun.utils.MyBatisPlusUpdateUtils; import com.winsun.utils.MyBatisPlusUpdateUtils;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
...@@ -23,6 +22,9 @@ import org.springframework.web.bind.annotation.RequestParam; ...@@ -23,6 +22,9 @@ import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile; import org.springframework.web.multipart.MultipartFile;
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
...@@ -42,22 +44,21 @@ public class PackageController extends BaseController { ...@@ -42,22 +44,21 @@ public class PackageController extends BaseController {
private static SchoolPackageMapper schoolPackageMapper; private static SchoolPackageMapper schoolPackageMapper;
//默认路径 //默认路径
private static String DEFAULTPATH="/images/pkg/"; private static String DEFAULTPATH = "/images/pkg/";
private static String FILENAME="adv_img.jpg"; private static String FILENAME = "adv_img.jpg";
private static String XIAOTUFILENAME="logo.png"; private static String XIAOTUFILENAME = "logo.png";
@Autowired @Autowired
public PackageController(PackageMapper packageMapper,SchoolPackageMapper schoolPackageMapper) { public PackageController(PackageMapper packageMapper, SchoolPackageMapper schoolPackageMapper) {
PackageController.packageMapper = packageMapper; PackageController.packageMapper = packageMapper;
PackageController.schoolPackageMapper = schoolPackageMapper; PackageController.schoolPackageMapper = schoolPackageMapper;
} }
/** /**
*
* @param id * @param id
* @param packageName * @param packageName
* @param name * @param name
...@@ -71,7 +72,7 @@ public class PackageController extends BaseController { ...@@ -71,7 +72,7 @@ public class PackageController extends BaseController {
* @return * @return
*/ */
@Permission(menuname = "添加套餐信息", value = "insert", method = RequestMethod.POST) @Permission(menuname = "添加套餐信息", value = "insert", method = RequestMethod.POST)
public ResponseData<String> insertPackage(@RequestParam("id") String id,@RequestParam("packageName") String packageName, @RequestParam("name") String name, @RequestParam("isXbCard") int isXbCard public ResponseData<String> insertPackage(@RequestParam("id") String id, @RequestParam("packageName") String packageName, @RequestParam("name") String name, @RequestParam("isXbCard") int isXbCard
, @RequestParam("monthFee") String monthFee, @RequestParam("flow") String flow, @RequestParam("voice") String voice , @RequestParam("monthFee") String monthFee, @RequestParam("flow") String flow, @RequestParam("voice") String voice
, @RequestParam("xbId") String xbId, @RequestParam("warmTip") String warmTip, @RequestParam("explains") String explains) { , @RequestParam("xbId") String xbId, @RequestParam("warmTip") String warmTip, @RequestParam("explains") String explains) {
Package aPackage = new Package(); Package aPackage = new Package();
...@@ -85,22 +86,21 @@ public class PackageController extends BaseController { ...@@ -85,22 +86,21 @@ public class PackageController extends BaseController {
aPackage.setWarmTip(warmTip); aPackage.setWarmTip(warmTip);
aPackage.setExplains(explains); aPackage.setExplains(explains);
Integer insert = packageMapper.insert(aPackage); Integer insert = packageMapper.insert(aPackage);
if (insert==1){ if (insert == 1) {
EntityWrapper<Package> packagewrapper = new EntityWrapper<>(); EntityWrapper<Package> packagewrapper = new EntityWrapper<>();
packagewrapper.eq("id",aPackage.getId()); packagewrapper.eq("id", aPackage.getId());
String backgroundpath= DEFAULTPATH+ aPackage.getId()+"/"+FILENAME; String backgroundpath = DEFAULTPATH + aPackage.getId() + "/" + FILENAME;
String logopath = DEFAULTPATH+ aPackage.getId()+"/"+XIAOTUFILENAME; String logopath = DEFAULTPATH + aPackage.getId() + "/" + XIAOTUFILENAME;
packageMapper.updateForSet("adv_img ='"+backgroundpath+"' , logo= '" +logopath+"'" ,packagewrapper); packageMapper.updateForSet("adv_img ='" + backgroundpath + "' , logo= '" + logopath + "'", packagewrapper);
log.info("套餐信息新增完毕,id: {}",aPackage.getId()); log.info("套餐信息新增完毕,id: {}", aPackage.getId());
return ResponseData.success("新增完毕!"); return ResponseData.success("新增完毕!");
} }
log.info("套餐信息新增失败,id: {}",aPackage.getId()); log.info("套餐信息新增失败,id: {}", aPackage.getId());
return ResponseData.success("新增失败!"); return ResponseData.success("新增失败!");
} }
/** /**
*
* @param id * @param id
* @return * @return
*/ */
...@@ -109,18 +109,17 @@ public class PackageController extends BaseController { ...@@ -109,18 +109,17 @@ public class PackageController extends BaseController {
Integer integer = packageMapper.deleteById(id); Integer integer = packageMapper.deleteById(id);
//删除中间表信息 //删除中间表信息
EntityWrapper<SchoolPackage> schoolPackagewrapper = new EntityWrapper<>(); EntityWrapper<SchoolPackage> schoolPackagewrapper = new EntityWrapper<>();
schoolPackagewrapper.eq("package_id",id); schoolPackagewrapper.eq("package_id", id);
schoolPackageMapper.delete(schoolPackagewrapper); schoolPackageMapper.delete(schoolPackagewrapper);
if (integer==1){ if (integer == 1) {
log.info("套餐信息删除完毕,删除id: {}",id); log.info("套餐信息删除完毕,删除id: {}", id);
return ResponseData.success("删除完毕!"); return ResponseData.success("删除完毕!");
} }
log.info("套餐信息删除失败,删除id: {}",id); log.info("套餐信息删除失败,删除id: {}", id);
return ResponseData.success("删除失败!"); return ResponseData.success("删除失败!");
} }
/** /**
*
* @param id * @param id
* @param packageName * @param packageName
* @param name * @param name
...@@ -134,7 +133,7 @@ public class PackageController extends BaseController { ...@@ -134,7 +133,7 @@ public class PackageController extends BaseController {
* @return * @return
*/ */
@Permission(menuname = "修改套餐信息", value = "update", method = RequestMethod.POST) @Permission(menuname = "修改套餐信息", value = "update", method = RequestMethod.POST)
public ResponseData<String> updatePackage(@RequestParam("id") String id,@RequestParam("packageName") String packageName, @RequestParam("name") String name, @RequestParam("isXbCard") String isXbCard public ResponseData<String> updatePackage(@RequestParam("id") String id, @RequestParam("packageName") String packageName, @RequestParam("name") String name, @RequestParam("isXbCard") String isXbCard
, @RequestParam("monthFee") String monthFee, @RequestParam("flow") String flow, @RequestParam("voice") String voice , @RequestParam("monthFee") String monthFee, @RequestParam("flow") String flow, @RequestParam("voice") String voice
, @RequestParam("xbId") String xbId, @RequestParam("warmTip") String warmTip, @RequestParam("explains") String explains) { , @RequestParam("xbId") String xbId, @RequestParam("warmTip") String warmTip, @RequestParam("explains") String explains) {
...@@ -151,10 +150,10 @@ public class PackageController extends BaseController { ...@@ -151,10 +150,10 @@ public class PackageController extends BaseController {
dataMapping.put("warm_tip", warmTip); dataMapping.put("warm_tip", warmTip);
dataMapping.put("explains", explains); dataMapping.put("explains", explains);
Integer integer = packageMapper.updateForSet(MyBatisPlusUpdateUtils.toUpdateSet(dataMapping), wrapper); Integer integer = packageMapper.updateForSet(MyBatisPlusUpdateUtils.toUpdateSet(dataMapping), wrapper);
if (integer==1){ if (integer == 1) {
log.info("成功修改完毕套餐信息"); log.info("成功修改完毕套餐信息");
return ResponseData.success("修改完毕!"); return ResponseData.success("修改完毕!");
}else{ } else {
log.info("修改失败套餐信息"); log.info("修改失败套餐信息");
return ResponseData.error("修改失败!"); return ResponseData.error("修改失败!");
} }
...@@ -163,7 +162,7 @@ public class PackageController extends BaseController { ...@@ -163,7 +162,7 @@ public class PackageController extends BaseController {
@Permission(menuname = "查询套餐信息", value = "list", method = RequestMethod.POST) @Permission(menuname = "查询套餐信息", value = "list", method = RequestMethod.POST)
public ResponseData<Page<Package>> listPackage(@RequestParam("name") String name, @RequestParam(name = "pageNo", required = false) int pageIndex, public ResponseData<Page<Package>> listPackage(@RequestParam("name") String name, @RequestParam(name = "pageNo", required = false) int pageIndex,
@RequestParam(name = "pageSize", required = false) int pageSize) { @RequestParam(name = "pageSize", required = false) int pageSize) {
Wrapper<Package> wrapper = new EntityWrapper(); Wrapper<Package> wrapper = new EntityWrapper();
wrapper.like(StringUtils.isNotBlank(name), "package_name", name, SqlLike.DEFAULT); wrapper.like(StringUtils.isNotBlank(name), "package_name", name, SqlLike.DEFAULT);
Page<Package> page = new Page<>(pageIndex, pageSize); Page<Package> page = new Page<>(pageIndex, pageSize);
...@@ -173,11 +172,11 @@ public class PackageController extends BaseController { ...@@ -173,11 +172,11 @@ public class PackageController extends BaseController {
} }
@Permission(menuname = "套餐全称列表", value = "packageAllList", method = RequestMethod.POST) @Permission(menuname = "套餐全称列表", value = "packageAllList", method = RequestMethod.POST)
public ResponseData<List<String>>packageAll() { public ResponseData<List<String>> packageAll() {
ArrayList<String> arrayList = new ArrayList<>(); ArrayList<String> arrayList = new ArrayList<>();
final List<Map<String, Object>> maps = packageMapper.packageAll(); final List<Map<String, Object>> maps = packageMapper.packageAll();
for (Map<String, Object> map : maps) { for (Map<String, Object> map : maps) {
if (map!=null){ if (map != null) {
arrayList.add(map.get("cdmaDiscDesc").toString()); arrayList.add(map.get("cdmaDiscDesc").toString());
} }
} }
...@@ -186,50 +185,82 @@ public class PackageController extends BaseController { ...@@ -186,50 +185,82 @@ public class PackageController extends BaseController {
@Permission(menuname = "上传背景图", value = "backgroundUpload", method = RequestMethod.POST) @Permission(menuname = "上传背景图", value = "backgroundUpload", method = RequestMethod.POST)
public ResponseData<String>backgroundUpload(@RequestParam(value = "file") MultipartFile file,@RequestParam(value = "id",required = false) String id) { public ResponseData<String> backgroundUpload(@RequestParam(value = "file") MultipartFile file, @RequestParam(value = "id", required = false) String id) {
String subfix = ""; String subfix = "";
String backgroundpath= FilePath.BACKGROUNDIMG.getValue()+"/"+DEFAULTPATH+"/"; String backgroundpath = FilePath.BACKGROUNDIMG.getValue() + "/" + DEFAULTPATH + "/";
if (StringUtils.isBlank(id)){ if (StringUtils.isBlank(id)) {
EntityWrapper<Package> packagewrapper = new EntityWrapper<>(); EntityWrapper<Package> packagewrapper = new EntityWrapper<>();
packagewrapper.setSqlSelect("max(id) as id"); packagewrapper.setSqlSelect("max(id) as id");
List<Map<String, Object>> selectMaps = packageMapper.selectMaps(packagewrapper); List<Map<String, Object>> selectMaps = packageMapper.selectMaps(packagewrapper);
id = selectMaps.get(0).get("id").toString(); id = selectMaps.get(0).get("id").toString();
Integer fileid = Integer.valueOf(id)+1; Integer fileid = Integer.valueOf(id) + 1;
subfix = fileid.toString(); subfix = fileid.toString();
}else { } else {
subfix = id; subfix = id;
} }
backgroundpath = backgroundpath + subfix.replace(".", ""). backgroundpath = backgroundpath + subfix.replace(".", "").
replace("/","") replace("/", "").replace("\\", "");
.replace("\\",""); File dir = new File(backgroundpath);
boolean makefile = FileUtil.makefile(backgroundpath, file,FILENAME); if (!dir.exists()) {
if (!makefile){ dir.mkdirs();
return ResponseData.error("上传失败!"); }
File savePath = new File(dir, FILENAME);
OutputStream os = null;
try {
os = new FileOutputStream(savePath);
os.write(file.getBytes());
os.flush();
return ResponseData.success("上传成功");
} catch (Exception e) {
log.error("上传文件失败:" + e.getMessage(), e);
return ResponseData.error("上传失败!" + e.getMessage());
} finally {
if (os != null) {
try {
os.close();
} catch (Exception e) {
}
}
} }
return ResponseData.success("上传成功" );
} }
//xiaotudUpload
//xiaotudUpload
@Permission(menuname = "上传小图", value = "xiaotuUpload", method = RequestMethod.POST) @Permission(menuname = "上传小图", value = "xiaotuUpload", method = RequestMethod.POST)
public ResponseData<String>xiaotuUpload(@RequestParam(value = "file") MultipartFile file,@RequestParam(value = "id",required = false) String id) { public ResponseData<String> xiaotuUpload(@RequestParam(value = "file") MultipartFile file, @RequestParam(value = "id", required = false) String id) {
String subfix = ""; String subfix = "";
String backgroundpath= FilePath.BACKGROUNDIMG.getValue()+"/"+DEFAULTPATH+"/"; String backgroundpath = FilePath.BACKGROUNDIMG.getValue() + "/" + DEFAULTPATH + "/";
if (StringUtils.isBlank(id)){ if (StringUtils.isBlank(id)) {
EntityWrapper<Package> packagewrapper = new EntityWrapper<>(); EntityWrapper<Package> packagewrapper = new EntityWrapper<>();
packagewrapper.setSqlSelect("max(id) as id"); packagewrapper.setSqlSelect("max(id) as id");
List<Map<String, Object>> selectMaps = packageMapper.selectMaps(packagewrapper); List<Map<String, Object>> selectMaps = packageMapper.selectMaps(packagewrapper);
id = selectMaps.get(0).get("id").toString(); id = selectMaps.get(0).get("id").toString();
Integer fileid = Integer.valueOf(id)+1; Integer fileid = Integer.valueOf(id) + 1;
subfix = fileid.toString(); subfix = fileid.toString();
}else { } else {
subfix = id; subfix = id;
} }
boolean makefile = FileUtil.makefile(backgroundpath, file,XIAOTUFILENAME); File dir = new File(backgroundpath);
if (!makefile){ if (!dir.exists()) {
return ResponseData.error("上传失败!"); dir.mkdirs();
} }
return ResponseData.success("上传成功" ); File savePath = new File(dir, XIAOTUFILENAME);
} OutputStream os = null;
try {
os = new FileOutputStream(savePath);
os.write(file.getBytes());
os.flush();
return ResponseData.success("上传成功");
} catch (Exception e) {
log.error("上传文件失败:" + e.getMessage(), e);
return ResponseData.error("上传失败!" + e.getMessage());
} finally {
if (os != null) {
try {
os.close();
} catch (Exception e) {
}
}
}
}
} }
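Review bot: In the new `xiaotuUpload`, `subfix` is computed but never appended to `backgroundpath`, so every logo is written to the same `logo.png` under the base directory instead of the per-package folder that `insertPackage` records in `logo`; it needs the same `backgroundpath = backgroundpath + subfix…` step that `backgroundUpload` has. In `backgroundUpload` the request `id` is still only stripped of `.`, `/` and `\` (unchanged from before this commit); since the other branch already treats the id as an integer, rejecting anything that fails `id.matches("\\d+")` would be stricter than character removal. Both handlers also return `e.getMessage()` to the caller, which for a failed `FileOutputStream` typically includes the server-side path; logging it and returning only `"上传失败!"` avoids that. The empty `catch` around `os.close()` could be dropped by using `try (OutputStream os = new FileOutputStream(savePath))`.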
...@@ -29,6 +29,9 @@ import org.springframework.web.bind.annotation.RequestParam; ...@@ -29,6 +29,9 @@ import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile; import org.springframework.web.multipart.MultipartFile;
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
...@@ -244,17 +247,37 @@ public class SchoolManagementController extends BaseController { ...@@ -244,17 +247,37 @@ public class SchoolManagementController extends BaseController {
@Permission(menuname = "上传二维码", value = "qrcodeUpload", method = RequestMethod.POST) @Permission(menuname = "上传二维码", value = "qrcodeUpload", method = RequestMethod.POST)
public ResponseData<String>xiaotuUpload(@RequestParam(value = "file") MultipartFile file, @RequestParam(value = "id",required = false) String id) { public ResponseData<String>xiaotuUpload(@RequestParam(value = "file") MultipartFile file, @RequestParam(value = "id",required = false) String id) {
String backgroundpath= FilePath.BACKGROUNDIMG.getValue()+"/"+DEFAULTPATH; String backgroundpath = FilePath.BACKGROUNDIMG.getValue() + "/" + DEFAULTPATH;
boolean makefile = FileUtil.makefile(backgroundpath, file,id+FILENAME); File dir = new File(backgroundpath);
Wrapper<School> wrapper = new EntityWrapper<>(); if (!dir.exists()) {
wrapper.eq("id",id); dir.mkdirs();
Map<String, Object> map = new HashMap<>(); }
map.put("service_qrcode",backgroundpath+id+FILENAME); File savePath = new File(backgroundpath, id + FILENAME);
Integer integer = schoolMapper.updateForSet(MyBatisPlusUpdateUtils.toUpdateSet(map), wrapper); OutputStream os = null;
if (integer!=1){ try {
return ResponseData.error("上传失败!"); os = new FileOutputStream(savePath);
os.write(file.getBytes());
os.flush();
Wrapper<School> wrapper = new EntityWrapper<>();
wrapper.eq("id",id);
Map<String, Object> map = new HashMap<>();
map.put("service_qrcode",backgroundpath+id+FILENAME);
Integer integer = schoolMapper.updateForSet(MyBatisPlusUpdateUtils.toUpdateSet(map), wrapper);
if (integer!=1){
return ResponseData.error("上传失败!");
}
return ResponseData.success("上传成功" );
} catch (Exception e) {
log.error("上传文件失败:" + e.getMessage(), e);
return ResponseData.error("上传失败" + e.getMessage());
} finally {
if (os != null) {
try{
os.close();
}catch(Exception e) {}
}
} }
return ResponseData.success("上传成功" );
} }
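Review bot: The request parameter `id` is still concatenated into the file name unchecked at `new File(backgroundpath, id + FILENAME)`, so inlining the write does not address the path traversal the commit title refers to: an `id` containing path separators or parent-directory segments can resolve outside `backgroundpath`, and because the parameter is `required = false` a missing value is written as `null` plus `FILENAME`. Resolve the target to its canonical form and reject it unless its parent is the canonical upload directory before opening the stream; if school ids have a fixed format (not visible here), validating against that format first is stricter still. The same raw `id` is also stored in `service_qrcode`, so the check should come before the database update. The handler additionally returns `e.getMessage()` to the client, which can disclose server paths, and a try-with-resources block would replace the manual close with its empty catch.

```java
// … unchanged: backgroundpath, dir.mkdirs() …
if (id == null || id.isEmpty()) {
    return ResponseData.error("上传失败!");
}
try {
    File base = dir.getCanonicalFile();
    File savePath = new File(base, id + FILENAME).getCanonicalFile();
    // Refuse any target that does not sit directly inside the upload directory.
    if (!base.equals(savePath.getParentFile())) {
        return ResponseData.error("上传失败!");
    }
    try (OutputStream os = new FileOutputStream(savePath)) {
        os.write(file.getBytes());
    }
    // … unchanged: schoolMapper.updateForSet and result check …
} catch (Exception e) {
    log.error("上传文件失败:" + e.getMessage(), e);
    return ResponseData.error("上传失败");
}
```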
......