解决教学平台上文件中存在无扩展名BUG的办法

Jfinal中添加过滤器声明

    public void configHandler(Handlers me) 
    {
        me.add(new XssHandler());
    }
    

 

过滤器

package com.demo.common.config;


import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.jfinal.handler.Handler;

/**
 * 统一XSS处理
 */
public class XssHandler extends Handler
{

    @Override
    public void handle(String target, HttpServletRequest request,
                       HttpServletResponse response, boolean[] isHandled)
    {
        
        System.out.println(target);
        
        if(target.equals("/css/2222"))
        {
            String abc=target.replaceAll("/", "\\\\"); //这里是为什么要加4个???\\\\
String path
="C:\\Users\\Administrator\\Desktop\\jfinal_demo\\WebRoot"+abc; try { response.setHeader("Content-Type","application/octet-stream"); response.setHeader("content-disposition", "attachment;filename=" + URLEncoder.encode("2222", "UTF-8")); InputStream in = null ; OutputStream out = null ; try { in = new FileInputStream(path); //获取文件的流 int len = 0; byte buf[] = new byte[1024];//缓存作用 out = response.getOutputStream();//输出流 while( (len = in.read(buf)) > 0 ) //切忌这后面不能加 分号 ”;“ { out.write(buf, 0, len);//向客户端输出,实际是把数据存放在response中,然后web服务器再去response中读取 } } catch (FileNotFoundException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (IOException e) { // TODO Auto-generated catch block e.printStackTrace(); }finally { if(in!=null) { try{ in.close(); }catch(IOException e){ e.printStackTrace(); } } if(out!=null) { try{ out.close(); }catch(IOException e){ e.printStackTrace(); } } } } catch (UnsupportedEncodingException e) { // TODO Auto-generated catch block e.printStackTrace(); } } //System.out.println("target -> " + target); // 对于非静态文件,和非指定排除的url实现过滤 /* if (!target.contains(".") && !target.startsWith(exclude)) { System.out.println("target -> " + target); request = new HttpServletRequestWrapper(request); } nextHandler.handle(target, request, response, isHandled);*/ } }

 

你可能感兴趣的:(解决教学平台上文件中存在无扩展名BUG的办法)