From 4e93ac86d4891c59ecfcd27c051de9b3c5379315 Mon Sep 17 00:00:00 2001
From: Grimm <luojian@allinpay.com>
Date: 星期五, 14 三月 2025 22:19:02 +0800
Subject: [PATCH] add file extention check for upload

---
 ruoyi-common/ruoyi-common-core/src/main/java/org/ruoyi/common/core/utils/file/FileUtils.java |   40 ++++++++++++++++++++++++++++++++++++++++
 1 files changed, 40 insertions(+), 0 deletions(-)

diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/org/ruoyi/common/core/utils/file/FileUtils.java b/ruoyi-common/ruoyi-common-core/src/main/java/org/ruoyi/common/core/utils/file/FileUtils.java
index 9c6f265..c8cc119 100644
--- a/ruoyi-common/ruoyi-common-core/src/main/java/org/ruoyi/common/core/utils/file/FileUtils.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/org/ruoyi/common/core/utils/file/FileUtils.java
@@ -4,9 +4,13 @@
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.web.multipart.MultipartFile;
 
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.UUID;
 
 /**
  * 鏂囦欢澶勭悊宸ュ叿绫�
@@ -15,6 +19,8 @@
  */
 @NoArgsConstructor(access = AccessLevel.PRIVATE)
 public class FileUtils extends FileUtil {
+
+    private static final String FILE_EXTENTION_SPLIT = ".";
 
     /**
      * 涓嬭浇鏂囦欢鍚嶉噸鏂扮紪鐮�
@@ -40,4 +46,38 @@
         String encode = URLEncoder.encode(s, StandardCharsets.UTF_8);
         return encode.replaceAll("\\+", "%20");
     }
+
+    /**
+     * 妫�鏌ユ枃浠舵墿灞曞悕鏄惁绗﹀悎瑕佹眰
+     *
+     * @param file
+     * @return
+     */
+    public static boolean isValidFileExtention(MultipartFile file, String[] ALLOWED_EXTENSIONS) {
+        if (file == null || file.isEmpty()) {
+            return false;
+        }
+        final String filename = file.getOriginalFilename();
+        if (StringUtils.isBlank(filename) || !filename.contains(FILE_EXTENTION_SPLIT)) {
+            return false;
+        }
+        // 鑾峰彇鏂囦欢鍚庣紑
+        String fileExtension = filename.substring(filename.lastIndexOf('.') + 1).toLowerCase();
+
+        return Arrays.asList(ALLOWED_EXTENSIONS).contains(fileExtension);
+    }
+
+    /**
+     * 鑾峰彇瀹夊叏鐨勬枃浠惰矾寰�
+     *
+     * @param originalFilename 鍘熷鏂囦欢鍚�
+     * @param secureFilePath   瀹夊叏璺緞
+     * @return 瀹夊叏鏂囦欢璺緞
+     */
+    public static String getSecureFilePathForUpload(final String originalFilename, final String secureFilePath) {
+        String extension = originalFilename.substring(originalFilename.lastIndexOf(FILE_EXTENTION_SPLIT));
+        String newFileName = UUID.randomUUID() + extension;
+
+        return secureFilePath + newFileName; // 棰勫畾涔夊畨鍏ㄨ矾寰�
+    }
 }
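Review bot: `getSecureFilePathForUpload` derives the suffix from the client-supplied name without validating it. A name with no dot makes `lastIndexOf` return -1 so `substring` throws, a null name throws `NullPointerException`, and whatever follows the last dot, path separators included, is appended to the stored path. The method does not call `isValidFileExtention`, so the allow-list protects the stored name only if every caller runs it first, and the callers are not visible in this patch. I would make the method fail closed on its own, as sketched below. Separately, `isValidFileExtention` throws on a null `ALLOWED_EXTENSIONS`, lowercases with the default locale where `toLowerCase(Locale.ROOT)` would be deterministic, and checks only the file name, never the content.

```java
public static String getSecureFilePathForUpload(final String originalFilename, final String secureFilePath) {
    // Fail closed on a missing name instead of an NPE further down.
    if (StringUtils.isBlank(originalFilename)) {
        throw new IllegalArgumentException("originalFilename must not be blank");
    }
    // lastIndexOf returns -1 when there is no dot; reject that and a trailing dot explicitly.
    final int dot = originalFilename.lastIndexOf(FILE_EXTENTION_SPLIT);
    if (dot < 0 || dot == originalFilename.length() - 1) {
        throw new IllegalArgumentException("originalFilename has no extension");
    }
    // The stored name must not inherit separators or other punctuation from the client-supplied name.
    final String extension = originalFilename.substring(dot + 1);
    if (!StringUtils.isAlphanumeric(extension)) {
        throw new IllegalArgumentException("unsupported characters in file extension");
    }
    String newFileName = UUID.randomUUID() + FILE_EXTENTION_SPLIT + extension;

    return secureFilePath + newFileName;
}
```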

--
Gitblit v1.9.3