
添加非wwwroot文件验证

develop-FileUpload-test
胡超1 2 years ago
parent
commit
393da2db49
  1. 44
      24Hour/Controllers/Common/CommonController.cs

44
24Hour/Controllers/Common/CommonController.cs

@ -1,6 +1,7 @@
using AutoMapper;
using com.sun.org.apache.xalan.@internal.xsltc.runtime;
using com.sun.tools.@internal.xjc.api;
using com.sun.xml.@internal.ws.developer;
using Elight.Entity;
using Elight.Entity.SystemModel;
using Elight.Logic;
@ -13,14 +14,17 @@ using java.util;
using javax.smartcardio;
using javax.xml.crypto;
using jdk.nashorn.@internal.ir;
using MathNet.Numerics.LinearAlgebra;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using NPOI.SS.Formula.Functions;
using Quartz.Logging;
using SqlSugar;
using sun.security.x509;
using System.Drawing.Printing;
using System.Security.AccessControl;
using static com.sun.tools.@internal.xjc.reader.xmlschema.bindinfo.BIConversion;
using static javax.jws.soap.SOAPBinding;
using static sun.font.LayoutPathImpl;
using User = Elight.Utility.User;
@ -2739,19 +2743,34 @@ namespace _24Hour.Controllers.Common
#endregion
#region 文件上传
/// <summary>
/// 通用文件下载接口
/// </summary>
/// <param name="filename"></param>
/// <returns></returns>
[HttpPost]
[Route("RequestDownloadFile")]
public IActionResult RequestDownloadFile(string filename) //[FromBody] dynamic Json
{
var FileName = System.IO.Path.GetFileName(filename);
var currentDate = DateTime.Now;
var FilePath = filename;
return new FileStreamResult(new FileStream(FilePath, FileMode.Open), "application/octet-stream") { FileDownloadName = FileName };
if (System.IO.File.Exists(filename))
{
filename = filename.Replace(@"\\",@"\");
var data = System.IO.Path.Combine(Environment.CurrentDirectory, "wwwroot");
if (filename.Contains(data)==false)
{
return BadRequest();
}
var FileName = System.IO.Path.GetFileName(filename);
var FilePath = filename;
return new FileStreamResult(new FileStream(FilePath, FileMode.Open), "application/octet-stream") { FileDownloadName = FileName };
}
else
{
return BadRequest();
}
}
private string[] AllowedExtensions = new string[] { ".png", ".jpg", ".jpeg", ".bmp",".xlsx",".aks"};
private readonly string[] AllowedExtensions = new string[] { ".png", ".jpg", ".jpeg", ".bmp", ".xlsx", ".aks" };
/// <summary>
/// 文件上传--附件
/// <param name="file"></param>
@ -2777,16 +2796,13 @@ namespace _24Hour.Controllers.Common
var fname = $@"{file.FileName}";
var hzname = $"{Path.GetExtension(fname)}";
if (AllowedExtensions.Contains(hzname.ToLower()) == false)
{
outParm.IsSucceed = false;
outParm.Message = "不被允许的文件格式!";
return Json(outParm);
}
var _path = Path.Combine("CaseFile", "card", DateTime.Now.ToString("yyyy-MM-dd"));
var dic = Path.Combine(Environment.CurrentDirectory, "wwwroot", _path);
@ -2832,10 +2848,10 @@ namespace _24Hour.Controllers.Common
[Route("GetImageFile")]
public async Task<Result> GetImageFile(string file)
{
Result result = new Result();
var urlpath = file.Replace("/", @"\");
var path = Path.Combine(Environment.CurrentDirectory, "wwwroot"+urlpath);
var path = Path.Combine(Environment.CurrentDirectory, "wwwroot" + urlpath);
if (System.IO.File.Exists(path))
{
var str = Elight.Utility.Encrypt.DataEncryption.Decryptiones(path);
@ -2888,7 +2904,7 @@ namespace _24Hour.Controllers.Common
});
result.IsSucceed = true;
result.result = data;
}
catch
{
