diff --git a/24Hour/Controllers/Common/CommonController.cs b/24Hour/Controllers/Common/CommonController.cs
index 5da3584..afde62b 100644
--- a/24Hour/Controllers/Common/CommonController.cs
+++ b/24Hour/Controllers/Common/CommonController.cs
@@ -1,6 +1,7 @@
using AutoMapper;
using com.sun.org.apache.xalan.@internal.xsltc.runtime;
using com.sun.tools.@internal.xjc.api;
+using com.sun.xml.@internal.ws.developer;
using Elight.Entity;
using Elight.Entity.SystemModel;
using Elight.Logic;
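Review bot: The added `using com.sun.xml.@internal.ws.developer;` is not referenced by anything visible in this commit and looks like an IDE auto-import; the same applies to `using MathNet.Numerics.LinearAlgebra;`, `using NPOI.SS.Formula.Functions;` and `using static javax.jws.soap.SOAPBinding;` in the next hunk. In a controller that serves and accepts files, every extra namespace (a `using static` in particular) widens the set of names that can shadow or be confused with `System.IO` members, and keeps assemblies referenced that the code may not need. Unless code outside the visible hunks uses them, I would drop these four lines.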
@@ -13,14 +14,17 @@ using java.util;
using javax.smartcardio;
using javax.xml.crypto;
using jdk.nashorn.@internal.ir;
+using MathNet.Numerics.LinearAlgebra;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
+using NPOI.SS.Formula.Functions;
using Quartz.Logging;
using SqlSugar;
using sun.security.x509;
using System.Drawing.Printing;
using System.Security.AccessControl;
using static com.sun.tools.@internal.xjc.reader.xmlschema.bindinfo.BIConversion;
+using static javax.jws.soap.SOAPBinding;
using static sun.font.LayoutPathImpl;
using User = Elight.Utility.User;
@@ -2739,19 +2743,34 @@ namespace _24Hour.Controllers.Common
#endregion
#region 文件上传
+ ///
+ /// 通用文件下载接口
+ ///
+ ///
+ ///
[HttpPost]
[Route("RequestDownloadFile")]
public IActionResult RequestDownloadFile(string filename) //[FromBody] dynamic Json
{
- var FileName = System.IO.Path.GetFileName(filename);
- var currentDate = DateTime.Now;
-
- var FilePath = filename;
-
- return new FileStreamResult(new FileStream(FilePath, FileMode.Open), "application/octet-stream") { FileDownloadName = FileName };
+ if (System.IO.File.Exists(filename))
+ {
+ filename = filename.Replace(@"\\",@"\");
+ var data = System.IO.Path.Combine(Environment.CurrentDirectory, "wwwroot");
+ if (filename.Contains(data)==false)
+ {
+ return BadRequest();
+ }
+ var FileName = System.IO.Path.GetFileName(filename);
+ var FilePath = filename;
+ return new FileStreamResult(new FileStream(FilePath, FileMode.Open), "application/octet-stream") { FileDownloadName = FileName };
+ }
+ else
+ {
+ return BadRequest();
+ }
}
- private string[] AllowedExtensions = new string[] { ".png", ".jpg", ".jpeg", ".bmp",".xlsx",".aks"};
+ private readonly string[] AllowedExtensions = new string[] { ".png", ".jpg", ".jpeg", ".bmp", ".xlsx", ".aks" };
///
/// 文件上传--附件
///
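Review bot: The containment check `filename.Contains(data)` in RequestDownloadFile is a substring test on an un-normalised path, so a path that contains the wwwroot string followed by `..` segments, or a sibling directory whose name merely starts with `wwwroot`, still passes and is opened. `System.IO.File.Exists(filename)` also runs on the caller-supplied path before any validation, and `new FileStream(FilePath, FileMode.Open)` requests read/write access by default. I would canonicalise with `Path.GetFullPath`, compare against the root plus a trailing separator, and only then touch the file system, opening read-only, as sketched below (case-insensitive comparison assumes a Windows host, which the backslash handling suggests). `GetImageFile` in a later hunk builds `"wwwroot" + urlpath` from the request with no containment check in the visible lines (its body continues outside that hunk) and would benefit from the same check.

```csharp
public IActionResult RequestDownloadFile(string filename)
{
    if (string.IsNullOrWhiteSpace(filename))
    {
        return BadRequest();
    }

    // Resolve ".." segments and mixed separators before the containment test.
    var root = System.IO.Path.GetFullPath(System.IO.Path.Combine(Environment.CurrentDirectory, "wwwroot"))
               + System.IO.Path.DirectorySeparatorChar;
    var fullPath = System.IO.Path.GetFullPath(filename);

    // Validate first; only a path inside wwwroot ever reaches the file system.
    if (!fullPath.StartsWith(root, StringComparison.OrdinalIgnoreCase) || !System.IO.File.Exists(fullPath))
    {
        return BadRequest();
    }

    var stream = new FileStream(fullPath, FileMode.Open, FileAccess.Read, FileShare.Read);
    return new FileStreamResult(stream, "application/octet-stream")
    {
        FileDownloadName = System.IO.Path.GetFileName(fullPath)
    };
}
```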
@@ -2777,16 +2796,13 @@ namespace _24Hour.Controllers.Common
var fname = $@"{file.FileName}";
var hzname = $"{Path.GetExtension(fname)}";
-
+
if (AllowedExtensions.Contains(hzname.ToLower()) == false)
{
outParm.IsSucceed = false;
outParm.Message = "不被允许的文件格式!";
return Json(outParm);
}
-
-
-
var _path = Path.Combine("CaseFile", "card", DateTime.Now.ToString("yyyy-MM-dd"));
var dic = Path.Combine(Environment.CurrentDirectory, "wwwroot", _path);
@@ -2832,10 +2848,10 @@ namespace _24Hour.Controllers.Common
[Route("GetImageFile")]
public async Task GetImageFile(string file)
{
-
+
Result result = new Result();
var urlpath = file.Replace("/", @"\");
- var path = Path.Combine(Environment.CurrentDirectory, "wwwroot"+urlpath);
+ var path = Path.Combine(Environment.CurrentDirectory, "wwwroot" + urlpath);
if (System.IO.File.Exists(path))
{
var str = Elight.Utility.Encrypt.DataEncryption.Decryptiones(path);
@@ -2888,7 +2904,7 @@ namespace _24Hour.Controllers.Common
});
result.IsSucceed = true;
result.result = data;
-
+
}
catch
{