删除处理存储型XSS

service-manager/src/main/java/com/winsun/service/impl/ExportExcelServiceImpl.java

@@ -10,6 +10,7 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.DataInputStream;
 import java.io.File;
 import java.io.FileInputStream;
+import java.text.SimpleDateFormat;
 
 /**
  * @author liph
@@ -25,7 +26,13 @@ public class ExportExcelServiceImpl implements ExportExcelService {
         ServletOutputStream os = null;
         try {
             os = response.getOutputStream();
-            fileInputStream = new FileInputStream(new File(exportExcel.getExportUrl()));
+            SimpleDateFormat format = new SimpleDateFormat("yyyyMMdd");
+            String formatPath = format.format(exportExcel.getCreateTime());
+            StringBuilder filePath = new StringBuilder();
+            filePath.append("enclosure").append(File.separator).append("export").append(File.separator)
+                    .append(formatPath).append(File.separator).append("订单")
+                    .append(exportExcel.getCreateTime().getTime()).append(".xls");
+            fileInputStream = new FileInputStream(new File(filePath.toString()));
             in = new DataInputStream(fileInputStream);
             int bytes = 0;
             byte[] bufferOut = new byte[1024];

task/src/main/java/com/winsun/service/ExportService.java

@@ -137,11 +137,11 @@ public class ExportService extends BaseController {
         columns.add("order_status");
         columns.add("user_type");
         columns.add("student_card_checkStatus");
+        final Date fileCreateTime = new Date();
         SimpleDateFormat format = new SimpleDateFormat("yyyyMMdd");
-        String formatPath = format.format(new Date());
+        String formatPath = format.format(fileCreateTime);
         String filePath = FilePath.IMPORTPATH.getValue()+formatPath;
-        String fileName = "订单"+new Date().getTime()+".xls";
-        String filePath1 = FilePath.IMPORTPATH.getValue()+formatPath+"/"+fileName;
+
         File dir = new File(filePath);
         if (!dir.exists()) {
             dir.mkdirs();
@@ -149,6 +149,16 @@ public class ExportService extends BaseController {
         FileOutputStream os = null;
         XSSFWorkbook workbook = null;
         try {
+
+            String fileName = "订单" + fileCreateTime.getTime() + ".xls";
+            String filePath1 = FilePath.IMPORTPATH.getValue()+formatPath+"/"+fileName;
+            ExportExcel exportExcel = new ExportExcel();
+            exportExcel.setCreateTime(fileCreateTime);
+            exportExcel.setCreateUser(Integer.parseInt(map.get("userId").toString()));
+            exportExcel.setCreateName(map.get("userName").toString());
+            exportExcel.setExportUrl(filePath1);
+            exportExcel.setFileName(fileName);
+
             workbook = new XSSFWorkbook();
             os = new FileOutputStream(filePath1);
             //创建工作表
@@ -182,12 +192,6 @@ public class ExportService extends BaseController {
                 }
             }
             workbook.write(os);
-            ExportExcel exportExcel = new ExportExcel();
-            exportExcel.setCreateTime(new Date());
-            exportExcel.setCreateUser(Integer.parseInt(map.get("userId").toString()));
-            exportExcel.setCreateName(map.get("userName").toString());
-            exportExcel.setExportUrl(filePath1);
-            exportExcel.setFileName(fileName);
             exportExcelMapper.insert(exportExcel);
         } catch (Exception e) {
             log.error("文件出错！" + e.getMessage(), e);