中文URL参数解码

server/src/main/java/cn/keking/utils/WebUtils.java

@@ -8,6 +8,7 @@ import javax.servlet.ServletRequest;
 import java.io.UnsupportedEncodingException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.net.URLDecoder;
 import java.net.URLEncoder;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
@@ -157,16 +158,16 @@ public class WebUtils {
         String currentUrl = request.getParameter("currentUrl");
         String urlPath = request.getParameter("urlPath");
         if (StringUtils.isNotBlank(url)) {
-            return decodeBase64String(url);
+            return decodeUrl(url);
         }
         if (StringUtils.isNotBlank(currentUrl)) {
-            return decodeBase64String(currentUrl);
+            return decodeUrl(currentUrl);
         }
         if (StringUtils.isNotBlank(urlPath)) {
-            return decodeBase64String(urlPath);
+            return decodeUrl(urlPath);
         }
         if (StringUtils.isNotBlank(urls)) {
-            urls = decodeBase64String(urls);
+            urls = decodeUrl(urls);
             String[] images = urls.split("\\|");
             return images[0];
         }
@@ -174,12 +175,20 @@ public class WebUtils {
     }
 
     /**
-     * 将 Base64 字符串解码，默认使用 UTF-8
+     * 将 Base64 字符串解码，再解码URL参数, 默认使用 UTF-8
      * @param source 原始 Base64 字符串
      * @return decoded string
+     *
+     * aHR0cHM6Ly9maWxlLmtla2luZy5jbi9kZW1vL%2BS4reaWhy5wcHR4 -> https://file.keking.cn/demo/%E4%B8%AD%E6%96%87.pptx -> https://file.keking.cn/demo/中文.pptx
      */
-    public static String decodeBase64String(String source) {
-        return decodeBase64String(source, StandardCharsets.UTF_8);
+    public static String decodeUrl(String source) {
+        String url = decodeBase64String(source, StandardCharsets.UTF_8);
+        try {
+            url = URLDecoder.decode(url, StandardCharsets.UTF_8.name());
+        } catch (UnsupportedEncodingException e) {
+            throw new RuntimeException(e);
+        }
+        return url;
     }
 
     /**

server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java

@@ -56,7 +56,7 @@ public class OnlinePreviewController {
     public String onlinePreview(String url, Model model, HttpServletRequest req) {
         String fileUrl;
         try {
-            fileUrl = WebUtils.decodeBase64String(url);
+            fileUrl = WebUtils.decodeUrl(url);
         } catch (Exception ex) {
             String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "url");
             return otherFilePreview.notSupportedFile(model, errorMsg);
@@ -72,20 +72,18 @@ public class OnlinePreviewController {
     public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException {
         String fileUrls;
         try {
-            fileUrls = WebUtils.decodeBase64String(urls);
+            fileUrls = WebUtils.decodeUrl(urls);
             // 防止XSS攻击
             fileUrls = HtmlUtils.htmlEscape(fileUrls);
         } catch (Exception ex) {
             String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "urls");
             return otherFilePreview.notSupportedFile(model, errorMsg);
         }
-
         logger.info("预览文件url：{}，urls：{}", fileUrls, urls);
         // 抽取文件并返回文件列表
         String[] images = fileUrls.split("\\|");
         List<String> imgUrls = Arrays.asList(images);
         model.addAttribute("imgUrls", imgUrls);
-
         String currentUrl = req.getParameter("currentUrl");
         if (StringUtils.hasText(currentUrl)) {
             String decodedCurrentUrl = new String(Base64.decodeBase64(currentUrl));
@@ -106,7 +104,7 @@ public class OnlinePreviewController {
     @GetMapping("/getCorsFile")
     public void getCorsFile(String urlPath, HttpServletResponse response) {
         try {
-            urlPath = WebUtils.decodeBase64String(urlPath);
+            urlPath = WebUtils.decodeUrl(urlPath);
         } catch (Exception ex) {
             logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex);
             return;
@@ -116,7 +114,6 @@ public class OnlinePreviewController {
             logger.info("读取跨域文件异常，可能存在非法访问，urlPath：{}", urlPath);
             return;
         }
-
         logger.info("下载跨域pdf文件url：{}", urlPath);
         try {
             URL url = WebUtils.normalizedURL(urlPath);