尝试处理路径遍历的问题

de9a6c17 · 黎配弘 · 2b27a070 · de9a6c17
Commit de9a6c17 authored Oct 19, 2020 by 黎配弘
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 4 deletions

service-manager/src/main/java/com/winsun/controller/PackageController.java
+8 -4

No files found.
--- a/service-manager/src/main/java/com/winsun/controller/PackageController.java
+++ b/service-manager/src/main/java/com/winsun/controller/PackageController.java
@@ -44,12 +44,12 @@ public class PackageController extends BaseController {
    private static SchoolPackageMapper schoolPackageMapper;

    //默认路径
-    private static String DEFAULTPATH = "/images/pkg/";
+    private static final String DEFAULTPATH = "/images/pkg/";


-    private static String FILENAME = "adv_img.jpg";
+    private static final String FILENAME = "adv_img.jpg";

-    private static String XIAOTUFILENAME = "logo.png";
+    private static final String XIAOTUFILENAME = "logo.png";


    @Autowired
@@ -186,8 +186,12 @@ public class PackageController extends BaseController {

    @Permission(menuname = "上传背景图", value = "backgroundUpload", method = RequestMethod.POST)
    public ResponseData<String> backgroundUpload(@RequestParam(value = "file") MultipartFile file, @RequestParam(value = "id", required = false) int id) {
+        if(!StringUtils.endsWithAny(file.getOriginalFilename(), "jpg", "jpeg", "png", "gif")) {
+            return ResponseData.error("上传失败，不允许的文件格式");
+        }
+
        StringBuilder basePath = new StringBuilder();
-        basePath.append(FilePath.BACKGROUNDIMG.getValue()).append(File.separator).append(DEFAULTPATH).append(File.separator);
+        basePath.append("enclosure").append(File.separator).append(DEFAULTPATH).append(File.separator);
        if (id < 1) {
            EntityWrapper<Package> packagewrapper = new EntityWrapper<>();
            packagewrapper.setSqlSelect("max(id) as id");