|
@ -16,6 +16,8 @@ import org.apache.http.entity.mime.MultipartEntityBuilder;
|
|
|
import org.apache.http.impl.client.CloseableHttpClient;
|
|
|
import org.apache.http.impl.client.HttpClientBuilder;
|
|
|
import org.apache.http.util.EntityUtils;
|
|
|
import org.apache.pdfbox.pdmodel.PDDocument;
|
|
|
import org.apache.pdfbox.text.PDFTextStripper;
|
|
|
import org.apache.poi.util.IOUtils;
|
|
|
import org.slf4j.Logger;
|
|
|
import org.slf4j.LoggerFactory;
|
|
@ -81,6 +83,10 @@ public class FileUploadService {
|
|
|
if (!isFileFlag(fileType)){
|
|
|
throw new FileWrongFormatException("不符合文件上传格式");
|
|
|
}
|
|
|
// PDDocument document = PDDocument.load(inputStream);
|
|
|
// if (containsXSS(document)){
|
|
|
// throw new FileWrongFormatException("该PDF文件包含XSS攻击脚本!");
|
|
|
// }
|
|
|
|
|
|
long max = 5*1024*1024;
|
|
|
if(fileSize > max){
|
|
@ -167,6 +173,10 @@ public class FileUploadService {
|
|
|
if (!isFileFlag(fileType)){
|
|
|
throw new FileWrongFormatException("不符合文件上传格式");
|
|
|
}
|
|
|
// PDDocument document = PDDocument.load(inputStream);
|
|
|
// if (containsXSS(document)){
|
|
|
// throw new FileWrongFormatException("该PDF文件包含XSS攻击脚本!");
|
|
|
// }
|
|
|
//上传到fastdfs
|
|
|
ObjectNode objectNode = fastDFSHelper.upload(inputStream, fileType, "");
|
|
|
//解析返回的objectNode
|
|
@ -210,6 +220,10 @@ public class FileUploadService {
|
|
|
if (!isFileFlag(type)){
|
|
|
throw new FileWrongFormatException("不符合文件上传格式");
|
|
|
}
|
|
|
// PDDocument document = PDDocument.load(multipartFile.getInputStream());
|
|
|
// if (containsXSS(document)){
|
|
|
// throw new FileWrongFormatException("该PDF文件包含XSS攻击脚本!");
|
|
|
// }
|
|
|
|
|
|
String response = request(wlyyUrl + "/upload/chat", multipartFile, type);
|
|
|
org.json.JSONObject rs = new org.json.JSONObject(response);
|
|
@ -519,6 +533,10 @@ public class FileUploadService {
|
|
|
if (!isFileFlag(type)){
|
|
|
throw new FileWrongFormatException("不符合文件上传格式");
|
|
|
}
|
|
|
// PDDocument document = PDDocument.load(file.getInputStream());
|
|
|
// if (containsXSS(document)){
|
|
|
// throw new FileWrongFormatException("该PDF文件包含XSS攻击脚本!");
|
|
|
// }
|
|
|
HttpEntity entity = builder.build();
|
|
|
httpPost.setEntity(entity);
|
|
|
HttpResponse response = httpClient.execute(httpPost);// 执行提交
|
|
@ -667,11 +685,20 @@ public class FileUploadService {
|
|
|
logger.info(type);
|
|
|
List img = new ArrayList(Arrays.asList("jpeg","bmp", "jpg", "png", "tif", "gif", "pcx", "tga", "exif", "fpx","psd",
|
|
|
"cdr", "pcd", "dxf", "ufo", "eps", "ai", "raw", "WMF", "webp","xls","xlsx","text/plain","mp3","mp4","m4v","avi",
|
|
|
"ogm","wmv","mpg","webm","ogv","mov","asx","mpeg","image/png","amr","doc","docx","pdf"));
|
|
|
"ogm","wmv","mpg","webm","ogv","mov","asx","mpeg","image/png","amr","doc","docx"));
|
|
|
if (!img.contains(type)) {
|
|
|
return false;
|
|
|
}
|
|
|
return true;
|
|
|
}
|
|
|
|
|
|
public boolean containsXSS(PDDocument document) throws IOException {
|
|
|
PDFTextStripper pdfStripper = new PDFTextStripper();
|
|
|
String text = pdfStripper.getText(document);
|
|
|
|
|
|
// 检测文本中是否包含恶意脚本
|
|
|
return text.contains("<script>") || text.contains("javascript:") || text.contains("alert");
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
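Review bot: `containsXSS` only searches the text that `PDFTextStripper` extracts from the pages, so it cannot see script stored in the document's action entries, and `text.contains("alert")` will reject any ordinary PDF whose text contains that word. A check aimed at active content would inspect the document structure instead, starting with `document.getDocumentCatalog().getOpenAction() instanceof PDActionJavaScript` and then the catalog's JavaScript name tree and additional actions, and would drop the three substring tests. All four call sites in the earlier hunks are commented out, so the method is currently dead code. If they are re-enabled as written, `PDDocument.load(inputStream)` would consume the stream that is later passed to `fastDFSHelper.upload`, and the `PDDocument` is never closed, so buffer the bytes once and wrap the load in try-with-resources. The page does not show which of the two `"ogm",…` lines is the new one, so confirm whether `"pdf"` is still in the `isFileFlag` allow-list while the check is disabled.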