文件上传

zrch-risk-server-39/jeecg-module-system/jeecg-module-stm/src/main/java/org/jeecg/modules/stm/baosong/controller/CreateXmlFile.java

@@ -4,6 +4,7 @@ import org.jeecg.common.util.DateUtils;
 import org.jeecg.modules.stm.baosong.entity.BaosongTask;
 import org.jeecg.modules.stm.baosong.entity.BaosongTpl;
 
+import org.jeecg.modules.stm.utils.DirectoryUtil;
 import org.w3c.dom.Comment;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -107,9 +108,17 @@ public class CreateXmlFile {
             transformer.setOutputProperty(OutputKeys.INDENT, "yes");
             transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
             DOMSource source = new DOMSource(doc);
-            StreamResult result = new StreamResult(new File(filePath));
-            transformer.transform(source, result);
-            System.out.println("XML 文件生成成功！");
+
+            String dirPath = filePath.substring(0,filePath.lastIndexOf("/"));
+            Boolean pathIsEsixt = DirectoryUtil.ensureDirectoryExists(dirPath);
+            if(pathIsEsixt) {
+                StreamResult result = new StreamResult(new File(filePath));
+                transformer.transform(source, result);
+                System.out.println("XML 文件生成成功！");
+            } else {
+                System.out.println("XML 生成失败");
+            }
+
 
         } catch (Exception e) {
             e.printStackTrace();

zrch-risk-server-39/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java

@@ -25,6 +25,8 @@ import org.springframework.web.servlet.ModelAndView;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.*;
+import java.util.HashMap;
+import java.util.Map;
 
 /**
  * <p>
@@ -99,6 +101,50 @@ public class CommonController {
         return result;
     }
 
+    @PostMapping(value = "/upload35")
+    public Result<?> upload35(HttpServletRequest request, HttpServletResponse response)  throws Exception {
+        Result<?> result = new Result<>();
+        String savePath = "";
+        String bizPath = request.getParameter("biz");
+        String uuid = request.getParameter("uuid");
+        Map<String,Object> retData = new HashMap<>();
+        retData.put("uuid",uuid);
+        //LOWCOD-2580 sys/common/upload接口存在任意文件上传漏洞
+        if (oConvertUtils.isNotEmpty(bizPath)) {
+            if(bizPath.contains(SymbolConstant.SPOT_SINGLE_SLASH) || bizPath.contains(SymbolConstant.SPOT_DOUBLE_BACKSLASH)){
+                throw new JeecgBootException("上传目录bizPath，格式非法！");
+            }
+        }
+
+        MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
+        // 获取上传文件对象
+        MultipartFile file = multipartRequest.getFile("file");
+        if(oConvertUtils.isEmpty(bizPath)){
+            if(CommonConstant.UPLOAD_TYPE_OSS.equals(uploadType)){
+                bizPath = "upload";
+            }else{
+                bizPath = "";
+            }
+        }
+        if(CommonConstant.UPLOAD_TYPE_LOCAL.equals(uploadType)){
+            savePath = this.uploadLocal(file,bizPath);
+        }else{
+            savePath = CommonUtils.upload(file, bizPath, uploadType);
+        }
+        if(oConvertUtils.isNotEmpty(savePath)){;
+
+            retData.put("author","");
+            retData.put("detail",new HashMap());
+            retData.put("url",savePath);
+            return  Result.ok(retData,savePath);
+        }else {
+            result.setMessage("上传失败！");
+            result.setSuccess(false);
+            return  result;
+        }
+
+    }
+
     /**
      * 本地文件上传
      * @param mf 文件
@@ -231,63 +277,63 @@ public class CommonController {
 
     }
 
-//	/**
-//	 * 下载文件
-//	 * 请求地址：http://localhost:8080/common/download/{user/20190119/e1fe9925bc315c60addea1b98eb1cb1349547719_1547866868179.jpg}
-//	 *
-//	 * @param request
-//	 * @param response
-//	 * @throws Exception
-//	 */
-//	@GetMapping(value = "/download/**")
-//	public void download(HttpServletRequest request, HttpServletResponse response) throws Exception {
-//		// ISO-8859-1 ==> UTF-8 进行编码转换
-//		String filePath = extractPathFromPattern(request);
-//		// 其余处理略
-//		InputStream inputStream = null;
-//		OutputStream outputStream = null;
-//		try {
-//			filePath = filePath.replace("..", "");
-//			if (filePath.endsWith(",")) {
-//				filePath = filePath.substring(0, filePath.length() - 1);
-//			}
-//			String localPath = uploadpath;
-//			String downloadFilePath = localPath + File.separator + filePath;
-//			File file = new File(downloadFilePath);
-//	         if (file.exists()) {
-//	         	response.setContentType("application/force-download");// 设置强制下载不打开            
-//	 			response.addHeader("Content-Disposition", "attachment;fileName=" + new String(file.getName().getBytes("UTF-8"),"iso-8859-1"));
-//	 			inputStream = new BufferedInputStream(new FileInputStream(file));
-//	 			outputStream = response.getOutputStream();
-//	 			byte[] buf = new byte[1024];
-//	 			int len;
-//	 			while ((len = inputStream.read(buf)) > 0) {
-//	 				outputStream.write(buf, 0, len);
-//	 			}
-//	 			response.flushBuffer();
-//	         }
-//
-//		} catch (Exception e) {
-//			log.info("文件下载失败" + e.getMessage());
-//			// e.printStackTrace();
-//		} finally {
-//			if (inputStream != null) {
-//				try {
-//					inputStream.close();
-//				} catch (IOException e) {
-//					e.printStackTrace();
-//				}
-//			}
-//			if (outputStream != null) {
-//				try {
-//					outputStream.close();
-//				} catch (IOException e) {
-//					e.printStackTrace();
-//				}
-//			}
-//		}
-//
-//	}
+	/**
+	 * 下载文件
+	 * 请求地址：http://localhost:8080/common/download/{user/20190119/e1fe9925bc315c60addea1b98eb1cb1349547719_1547866868179.jpg}
+	 *
+	 * @param request
+	 * @param response
+	 * @throws Exception
+	 */
+	@GetMapping(value = "/download/**")
+	public void download(HttpServletRequest request, HttpServletResponse response) throws Exception {
+		// ISO-8859-1 ==> UTF-8 进行编码转换
+		String filePath = extractPathFromPattern(request);
+		// 其余处理略
+		InputStream inputStream = null;
+		OutputStream outputStream = null;
+		try {
+			filePath = filePath.replace("..", "");
+			if (filePath.endsWith(",")) {
+				filePath = filePath.substring(0, filePath.length() - 1);
+			}
+			String localPath = uploadpath;
+			String downloadFilePath = localPath + File.separator + filePath;
+			File file = new File(downloadFilePath);
+	         if (file.exists()) {
+	         	response.setContentType("application/force-download");// 设置强制下载不打开            
+	 			response.addHeader("Content-Disposition", "attachment;fileName=" + new String(file.getName().getBytes("UTF-8"),"iso-8859-1"));
+	 			inputStream = new BufferedInputStream(new FileInputStream(file));
+	 			outputStream = response.getOutputStream();
+	 			byte[] buf = new byte[1024];
+	 			int len;
+	 			while ((len = inputStream.read(buf)) > 0) {
+	 				outputStream.write(buf, 0, len);
+	 			}
+	 			response.flushBuffer();
+	         }
+
+		} catch (Exception e) {
+			log.info("文件下载失败" + e.getMessage());
+			// e.printStackTrace();
+		} finally {
+			if (inputStream != null) {
+				try {
+					inputStream.close();
+				} catch (IOException e) {
+					e.printStackTrace();
+				}
+			}
+			if (outputStream != null) {
+				try {
+					outputStream.close();
+				} catch (IOException e) {
+					e.printStackTrace();
+				}
+			}
+		}
+
+	}
 
     /**
      * @功能：pdf预览Iframe

zrch-risk-server-39/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java

@@ -12,7 +12,6 @@ import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.jeecg.common.api.vo.Result;
 import org.jeecg.common.constant.CacheConstant;
 import org.jeecg.common.constant.CommonConstant;