Compare commits


3 Commits
xss ... v3.3.1

Author SHA1 Message Date
kl
3531af4a46 更新版本到 3.3.1 2021-01-28 09:29:18 +08:00
b2f6fb3a00 修复重复编码导致文档转图片预览失败的问题&编码规范
URLEncoder.encode(URLEncoder.encode(pdfFolder, uriEncoding).replaceAll("\+", "%20"), uriEncoding);
这里encode了两次,导致图片预览失败。
2021-01-23 14:09:16 +08:00
996da0862c 移除 Apache-common-text 包,采用 spring 内置的 HtmlUtils 处理 xss 问题 2021-01-23 13:13:29 +08:00
7 changed files with 13 additions and 15 deletions


@ -28,5 +28,5 @@ ENV CLASSPATH $JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
ENV PATH $PATH:$JAVA_HOME/bin
ENV LANG zh_CN.UTF-8
ENV LC_ALL zh_CN.UTF-8
ENV KKFILEVIEW_BIN_FOLDER /opt/kkFileView-3.3.0/bin
ENTRYPOINT ["java","-Dfile.encoding=UTF-8","-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider","-Dspring.config.location=/opt/kkFileView-3.3.0/config/application.properties","-jar","/opt/kkFileView-3.3.0/bin/kkFileView-3.3.0.jar"]
ENV KKFILEVIEW_BIN_FOLDER /opt/kkFileView-3.3.1/bin
ENTRYPOINT ["java","-Dfile.encoding=UTF-8","-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider","-Dspring.config.location=/opt/kkFileView-3.3.1/config/application.properties","-jar","/opt/kkFileView-3.3.1/bin/kkFileView-3.3.1.jar"]


@ -5,7 +5,7 @@
<groupId>cn.keking</groupId>
<artifactId>filepreview</artifactId>
<version>3.3.0</version>
<version>3.3.1</version>
<modules>
<module>office-plugin</module>
<module>server</module>


@ -12,7 +12,7 @@
<groupId>cn.keking</groupId>
<artifactId>kkFileView</artifactId>
<version>3.3.0</version>
<version>3.3.1</version>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@ -62,11 +62,6 @@
<artifactId>commons-lang3</artifactId>
<version>3.7</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId>
<version>1.9</version>
</dependency>
<!-- REDISSON -->
<dependency>
<groupId>org.redisson</groupId>


@ -6,4 +6,4 @@ echo Starting kkFileView...
echo Please check log file in ../log/kkFileView.log for more information
echo You can get help in our official homesite: https://kkFileView.keking.cn
echo If this project is helpful to you, please star it on https://gitee.com/kekingcn/file-online-preview/stargazers
java -Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider -Dspring.config.location=..\config\application.properties -jar kkFileView-3.3.0.jar -> ..\log\kkFileView.log
java -Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider -Dspring.config.location=..\config\application.properties -jar kkFileView-3.3.1.jar -> ..\log\kkFileView.log


@ -29,4 +29,4 @@ echo "Starting kkFileView..."
echo "Please execute ./showlog.sh to check log for more information"
echo "You can get help in our official homesite: https://kkFileView.keking.cn"
echo "If this project is helpful to you, please star it on https://gitee.com/kekingcn/file-online-preview/stargazers"
nohup java -Dfile.encoding=UTF-8 -Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider -Dspring.config.location=../config/application.properties -jar kkFileView-3.3.0.jar > ../log/kkFileView.log 2>&1 &
nohup java -Dfile.encoding=UTF-8 -Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider -Dspring.config.location=../config/application.properties -jar kkFileView-3.3.1.jar > ../log/kkFileView.log 2>&1 &


@ -178,14 +178,15 @@ public class FileHandlerService {
String pdfFolder = pdfName.substring(0, pdfName.length() - 4);
String urlPrefix;
try {
urlPrefix = baseUrl + URLEncoder.encode(URLEncoder.encode(pdfFolder, uriEncoding).replaceAll("\\+", "%20"), uriEncoding);
urlPrefix = baseUrl + URLEncoder.encode(pdfFolder, uriEncoding).replaceAll("\\+", "%20");
} catch (UnsupportedEncodingException e) {
logger.error("UnsupportedEncodingException", e);
urlPrefix = baseUrl + pdfFolder;
}
if (imageCount != null && imageCount > 0) {
for (int i = 0; i < imageCount; i++)
for (int i = 0; i < imageCount; i++) {
imageUrls.add(urlPrefix + "/" + i + imageFileSuffix);
}
return imageUrls;
}
try {
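Review bot: The catch branch still falls back to `urlPrefix = baseUrl + pdfFolder;`, so if `uriEncoding` ever names an unsupported charset the folder name goes into every image URL unencoded, and the only trace is one log line. `pdfFolder` is derived from the document name, which is presumably user-influenced (its origin is not visible in this hunk), so it would be safer to fail the request in that branch or to validate `uriEncoding` once at startup so the branch cannot be reached. As a smaller style point, `replaceAll("\\+", "%20")` goes through the regex engine for a literal substitution; `replace("+", "%20")` gives the same result. The enclosing method starts and ends outside the hunk.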


@ -15,8 +15,9 @@ import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import org.apache.commons.text.StringEscapeUtils;
import org.springframework.web.util.HtmlUtils;
/**
*
@ -39,7 +40,8 @@ public class FileController {
//判断是否为IE浏览器的文件名IE浏览器下文件名会带有盘符信息
// escaping dangerous characters to prevent XSS
fileName = StringEscapeUtils.escapeHtml4(fileName);
fileName = HtmlUtils.htmlEscape(fileName, StandardCharsets.UTF_8.name());
// Check for Unix-style path
int unixSep = fileName.lastIndexOf('/');
// Check for Windows-style path
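Review bot: `HtmlUtils.htmlEscape(fileName, StandardCharsets.UTF_8.name())` rewrites the uploaded file name on input, ahead of the path-separator handling below, so the escaped form appears to be what the rest of the method works with. A name containing `&` or `'` becomes `&amp;` or `&#39;`, and it will be escaped a second time if the page that lists it also escapes on output. Entity escaping also covers only an HTML text or attribute context, not a URL or script context the name might later be placed in. I would keep the raw name here, reject or strip the characters the application does not want in stored names, and escape at the point of rendering; if input-side escaping stays, a comment such as `// stored name is HTML-escaped; do not escape again when rendering` would help the next reader. The rest of the method is outside the hunk, so how the name is stored and rendered is inferred.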