更新版本到 3.3.1

URLEncoder.encode(URLEncoder.encode(pdfFolder, uriEncoding).replaceAll("\+", "%20"), uriEncoding);
这里encode了两次，导致图片预览失败。

Dockerfile

@@ -28,5 +28,5 @@ ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
 ENV PATH $PATH:$JAVA_HOME/bin
 ENV LANG zh_CN.UTF-8
 ENV LC_ALL zh_CN.UTF-8
-ENV KKFILEVIEW_BIN_FOLDER /opt/kkFileView-3.3.0/bin
+ENV KKFILEVIEW_BIN_FOLDER /opt/kkFileView-3.3.1/bin
-ENTRYPOINT ["java","-Dfile.encoding=UTF-8","-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider","-Dspring.config.location=/opt/kkFileView-3.3.0/config/application.properties","-jar","/opt/kkFileView-3.3.0/bin/kkFileView-3.3.0.jar"]
+ENTRYPOINT ["java","-Dfile.encoding=UTF-8","-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider","-Dspring.config.location=/opt/kkFileView-3.3.1/config/application.properties","-jar","/opt/kkFileView-3.3.1/bin/kkFileView-3.3.1.jar"]

pom.xml

@@ -5,7 +5,7 @@
 
     <groupId>cn.keking</groupId>
     <artifactId>filepreview</artifactId>
-    <version>3.3.0</version>
+    <version>3.3.1</version>
     <modules>
         <module>office-plugin</module>
         <module>server</module>

server/pom.xml

@@ -12,7 +12,7 @@
 
     <groupId>cn.keking</groupId>
     <artifactId>kkFileView</artifactId>
-    <version>3.3.0</version>
+    <version>3.3.1</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -56,12 +56,6 @@
             <groupId>cn.keking</groupId>
             <artifactId>office-plugin</artifactId>
             <version>1.0-SNAPSHOT</version>
-            <exclusions>
-                <exclusion>
-                    <artifactId>commons-io</artifactId>
-                    <groupId>commons-io</groupId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
@@ -77,7 +71,7 @@
         <dependency>
             <groupId>org.apache.poi</groupId>
             <artifactId>poi</artifactId>
-            <version>3.12</version>
+            <version>3.17</version>
         </dependency>
         <dependency>
             <groupId>org.apache.poi</groupId>
@@ -105,11 +99,6 @@
             <artifactId>fr.opensagres.xdocreport.document</artifactId>
             <version>1.0.5</version>
         </dependency>
-        <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>2.4</version>
-        </dependency>
         <!-- 解压(apache) -->
         <dependency>
             <groupId>org.apache.commons</groupId>

server/src/main/bin/startup.bat

@@ -6,4 +6,4 @@ echo Starting kkFileView...
 echo Please check log file in ../log/kkFileView.log for more information
 echo You can get help in our official homesite: https://kkFileView.keking.cn
 echo If this project is helpful to you, please star it on https://gitee.com/kekingcn/file-online-preview/stargazers
-java -Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider -Dspring.config.location=..\config\application.properties -jar kkFileView-3.3.0.jar -> ..\log\kkFileView.log
+java -Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider -Dspring.config.location=..\config\application.properties -jar kkFileView-3.3.1.jar -> ..\log\kkFileView.log

server/src/main/bin/startup.sh

@@ -29,4 +29,4 @@ echo "Starting kkFileView..."
 echo "Please execute ./showlog.sh to check log for more information"
 echo "You can get help in our official homesite: https://kkFileView.keking.cn"
 echo "If this project is helpful to you, please star it on https://gitee.com/kekingcn/file-online-preview/stargazers"
-nohup java -Dfile.encoding=UTF-8 -Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider -Dspring.config.location=../config/application.properties -jar kkFileView-3.3.0.jar > ../log/kkFileView.log 2>&1 &
+nohup java -Dfile.encoding=UTF-8 -Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider -Dspring.config.location=../config/application.properties -jar kkFileView-3.3.1.jar > ../log/kkFileView.log 2>&1 &

server/src/main/java/cn/keking/service/FileHandlerService.java

@@ -178,14 +178,15 @@ public class FileHandlerService {
         String pdfFolder = pdfName.substring(0, pdfName.length() - 4);
         String urlPrefix;
         try {
-            urlPrefix = baseUrl + URLEncoder.encode(URLEncoder.encode(pdfFolder, uriEncoding).replaceAll("\\+", "%20"), uriEncoding);
+            urlPrefix = baseUrl + URLEncoder.encode(pdfFolder, uriEncoding).replaceAll("\\+", "%20");
         } catch (UnsupportedEncodingException e) {
             logger.error("UnsupportedEncodingException", e);
             urlPrefix = baseUrl + pdfFolder;
         }
         if (imageCount != null && imageCount > 0) {
-            for (int i = 0; i < imageCount; i++)
+            for (int i = 0; i < imageCount; i++) {
                 imageUrls.add(urlPrefix + "/" + i + imageFileSuffix);
+            }
             return imageUrls;
         }
         try {

server/src/main/java/cn/keking/service/impl/CadFilePreviewImpl.java

@@ -35,7 +35,7 @@ public class CadFilePreviewImpl implements FilePreview {
     @Override
     public String filePreviewHandle(String url, Model model, FileAttribute fileAttribute) {
         // 预览Type，参数传了就取参数的，没传取系统默认
-        String officePreviewType = model.asMap().get("officePreviewType") == null ? ConfigConstants.getOfficePreviewType() : model.asMap().get("officePreviewType").toString();
+        String officePreviewType = fileAttribute.getOfficePreviewType() == null ? ConfigConstants.getOfficePreviewType() : fileAttribute.getOfficePreviewType();
         String baseUrl = BaseUrlFilter.getBaseUrl();
         String fileName = fileAttribute.getName();
         String pdfName = fileName.substring(0, fileName.lastIndexOf(".") + 1) + "pdf";

server/src/main/java/cn/keking/service/impl/SimTextFilePreviewImpl.java

@@ -5,8 +5,8 @@ import cn.keking.model.ReturnResponse;
 import cn.keking.service.FilePreview;
 import cn.keking.utils.DownloadUtils;
 import cn.keking.utils.KkFileUtils;
+import jodd.io.FileUtil;
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.io.FileUtils;
 import org.springframework.stereotype.Service;
 import org.springframework.ui.Model;
 
@@ -36,7 +36,7 @@ public class SimTextFilePreviewImpl implements FilePreview {
         try {
             File originFile = new File(response.getContent());
             String charset = KkFileUtils.getFileEncode(originFile);
-            String fileData = FileUtils.readFileToString(originFile, charset);
+            String fileData = FileUtil.readString(originFile, charset);
             model.addAttribute("textData", Base64.encodeBase64String(fileData.getBytes()));
         } catch (IOException e) {
             return otherFilePreview.notSupportedFile(model, fileAttribute, e.getLocalizedMessage());

server/src/main/java/cn/keking/utils/DownloadUtils.java

@@ -4,7 +4,7 @@ import cn.keking.config.ConfigConstants;
 import cn.keking.model.FileAttribute;
 import cn.keking.model.ReturnResponse;
 import io.mola.galimatias.GalimatiasParseException;
-import org.apache.commons.io.FileUtils;
+import jodd.io.NetUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -39,7 +39,7 @@ public class DownloadUtils {
             URL url = WebUtils.normalizedURL(urlStr);
             if (isHttpUrl(url)) {
                 File realFile = new File(realPath);
-                FileUtils.copyURLToFile(url, realFile);
+                NetUtil.downloadFile(url.toString(),realFile);
             } else if (isFtpUrl(url)) {
                 String ftpUsername = WebUtils.getUrlParameterReg(fileAttribute.getUrl(), URL_PARAM_FTP_USERNAME);
                 String ftpPassword = WebUtils.getUrlParameterReg(fileAttribute.getUrl(), URL_PARAM_FTP_PASSWORD);

server/src/main/java/cn/keking/web/controller/FileController.java

@@ -15,7 +15,9 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 
 import java.io.*;
+import java.nio.charset.StandardCharsets;
 import java.util.*;
+import org.springframework.web.util.HtmlUtils;
 
 /**
  *
@@ -36,6 +38,10 @@ public class FileController {
         // 获取文件名
         String fileName = file.getOriginalFilename();
         //判断是否为IE浏览器的文件名，IE浏览器下文件名会带有盘符信息
+        
+        // escaping dangerous characters to prevent XSS
+        fileName = HtmlUtils.htmlEscape(fileName, StandardCharsets.UTF_8.name());
+
         // Check for Unix-style path
         int unixSep = fileName.lastIndexOf('/');
         // Check for Windows-style path

server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java

@@ -8,9 +8,10 @@ import cn.keking.service.cache.CacheService;
 import cn.keking.service.impl.OtherFilePreviewImpl;
 import cn.keking.service.FileHandlerService;
 import cn.keking.utils.WebUtils;
+import fr.opensagres.xdocreport.core.io.IOUtils;
 import io.mola.galimatias.GalimatiasParseException;
+import jodd.io.NetUtil;
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.io.IOUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Controller;
@@ -24,6 +25,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.*;
 import java.net.URL;
+import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.List;
 
@@ -54,7 +56,7 @@ public class OnlinePreviewController {
     public String onlinePreview(String url, Model model, HttpServletRequest req) {
         String fileUrl;
         try {
-            fileUrl = new String(Base64.decodeBase64(url));
+            fileUrl = new String(Base64.decodeBase64(url), StandardCharsets.UTF_8);
         } catch (Exception ex) {
             String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "url");
             return otherFilePreview.notSupportedFile(model, errorMsg);
@@ -103,7 +105,7 @@ public class OnlinePreviewController {
         logger.info("下载跨域pdf文件url：{}", urlPath);
         try {
             URL url = WebUtils.normalizedURL(urlPath);
-            byte[] bytes = IOUtils.toByteArray(url);
+            byte[] bytes = NetUtil.downloadBytes(url.toString());
             IOUtils.write(bytes, response.getOutputStream());
         } catch (IOException | GalimatiasParseException e) {
             logger.error("下载跨域pdf文件异常，url：{}", urlPath, e);

server/src/main/resources/web/fileNotSupported.ftl

@@ -32,7 +32,8 @@
 <div class="container">
     <img src="images/sorry.jpg" />
     <span>
-        该文件类型(${file.suffix})系统暂时不支持在线预览，<b>说明</b>：
+    该文件类型(${file.suffix?html})系统暂时不支持在线预览，<b>说明</b>：      
+    
         <p style="color: red;">${msg}</p>
         有任何疑问，请加&nbsp;<a href="https://jq.qq.com/?_wv=1027&k=5c0UAtu">官方QQ群：613025121</a>&nbsp;咨询
     </span>