2 年前 · 883b45f201
--- a/server/src/main/java/cn/keking/utils/WebUtils.java
+++ b/server/src/main/java/cn/keking/utils/WebUtils.java
@@ -8,6 +8,7 @@ import javax.servlet.ServletRequest;
 
				 import java.io.UnsupportedEncodingException;
			
 
				 import java.net.MalformedURLException;
			
 
				 import java.net.URL;
			
 
				+import java.net.URLDecoder;
			
 
				 import java.net.URLEncoder;
			
 
				 import java.nio.charset.Charset;
			
 
				 import java.nio.charset.StandardCharsets;
			
@@ -157,16 +158,16 @@ public class WebUtils {
 
				         String currentUrl = request.getParameter("currentUrl");
			
 
				         String urlPath = request.getParameter("urlPath");
			
 
				         if (StringUtils.isNotBlank(url)) {
			
 
				-            return decodeBase64String(url);
			
 
				+            return decodeUrl(url);
			
 
				         }
			
 
				         if (StringUtils.isNotBlank(currentUrl)) {
			
 
				-            return decodeBase64String(currentUrl);
			
 
				+            return decodeUrl(currentUrl);
			
 
				         }
			
 
				         if (StringUtils.isNotBlank(urlPath)) {
			
 
				-            return decodeBase64String(urlPath);
			
 
				+            return decodeUrl(urlPath);
			
 
				         }
			
 
				         if (StringUtils.isNotBlank(urls)) {
			
 
				-            urls = decodeBase64String(urls);
			
 
				+            urls = decodeUrl(urls);
			
 
				             String[] images = urls.split("\\|");
			
 
				             return images[0];
			
 
				         }
			
@@ -174,12 +175,20 @@ public class WebUtils {
 
				     }
			
 
				 
			
 
				     /**
			
 
				-     * 将 Base64 字符串解码，默认使用 UTF-8
			
 
				+     * 将 Base64 字符串解码，再解码URL参数, 默认使用 UTF-8
			
 
				      * @param source 原始 Base64 字符串
			
 
				      * @return decoded string
			
 
				+     *
			
 
				+     * aHR0cHM6Ly9maWxlLmtla2luZy5jbi9kZW1vL%2BS4reaWhy5wcHR4 -> https://file.keking.cn/demo/%E4%B8%AD%E6%96%87.pptx -> https://file.keking.cn/demo/中文.pptx
			
 
				      */
			
 
				-    public static String decodeBase64String(String source) {
			
 
				-        return decodeBase64String(source, StandardCharsets.UTF_8);
			
 
				+    public static String decodeUrl(String source) {
			
 
				+        String url = decodeBase64String(source, StandardCharsets.UTF_8);
			
 
				+        try {
			
 
				+            url = URLDecoder.decode(url, StandardCharsets.UTF_8.name());
			
 
				+        } catch (UnsupportedEncodingException e) {
			
 
				+            throw new RuntimeException(e);
			
 
				+        }
			
 
				+        return url;
			
 
				     }
			
 
				 
			
 
				     /**
			
--- a/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
+++ b/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java
@@ -56,7 +56,7 @@ public class OnlinePreviewController {
 
				     public String onlinePreview(String url, Model model, HttpServletRequest req) {
			
 
				         String fileUrl;
			
 
				         try {
			
 
				-            fileUrl = WebUtils.decodeBase64String(url);
			
 
				+            fileUrl = WebUtils.decodeUrl(url);
			
 
				         } catch (Exception ex) {
			
 
				             String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "url");
			
 
				             return otherFilePreview.notSupportedFile(model, errorMsg);
			
@@ -72,20 +72,18 @@ public class OnlinePreviewController {
 
				     public String picturesPreview(String urls, Model model, HttpServletRequest req) throws UnsupportedEncodingException {
			
 
				         String fileUrls;
			
 
				         try {
			
 
				-            fileUrls = WebUtils.decodeBase64String(urls);
			
 
				+            fileUrls = WebUtils.decodeUrl(urls);
			
 
				             // 防止XSS攻击
			
 
				             fileUrls = HtmlUtils.htmlEscape(fileUrls);
			
 
				         } catch (Exception ex) {
			
 
				             String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "urls");
			
 
				             return otherFilePreview.notSupportedFile(model, errorMsg);
			
 
				         }
			
 
				-
			
 
				         logger.info("预览文件url：{}，urls：{}", fileUrls, urls);
			
 
				         // 抽取文件并返回文件列表
			
 
				         String[] images = fileUrls.split("\\|");
			
 
				         List<String> imgUrls = Arrays.asList(images);
			
 
				         model.addAttribute("imgUrls", imgUrls);
			
 
				-
			
 
				         String currentUrl = req.getParameter("currentUrl");
			
 
				         if (StringUtils.hasText(currentUrl)) {
			
 
				             String decodedCurrentUrl = new String(Base64.decodeBase64(currentUrl));
			
@@ -106,7 +104,7 @@ public class OnlinePreviewController {
 
				     @GetMapping("/getCorsFile")
			
 
				     public void getCorsFile(String urlPath, HttpServletResponse response) {
			
 
				         try {
			
 
				-            urlPath = WebUtils.decodeBase64String(urlPath);
			
 
				+            urlPath = WebUtils.decodeUrl(urlPath);
			
 
				         } catch (Exception ex) {
			
 
				             logger.error(String.format(BASE64_DECODE_ERROR_MSG, urlPath),ex);
			
 
				             return;
			
@@ -116,7 +114,6 @@ public class OnlinePreviewController {
 
				             logger.info("读取跨域文件异常，可能存在非法访问，urlPath：{}", urlPath);
			
 
				             return;
			
 
				         }
			
 
				-
			
 
				         logger.info("下载跨域pdf文件url：{}", urlPath);
			
 
				         try {
			
 
				             URL url = WebUtils.normalizedURL(urlPath);