下面列出了org.springframework.util.StringUtils#cleanPath ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
* This implementation requires the path to be relative to the root
* directory and a descendant of the root directory. It also requires the
* relative path at each path segment to be a descendant of the root
* directory, i.e., it cannot start with "../" or contain "../" path
* segments such that once "normalized" it would start with "../"
* (e.g., "dir1/../../dir2" once normalized would be "../dir2").
*
* @param path the relative path to the descendant File.
* @return the descendant File represented by the given relative path or null if the path is null, not relative to the
* root, not a descendant, or the File doesn't exist.
*/
public File getFile(String path) {
if (path == null)
return null;
String workPath = StringUtils.cleanPath(path);
if (workPath.startsWith("../"))
return null;
if (new File(workPath).isAbsolute())
return null;
File file = new File(this.rootDirectory, workPath);
if (file.exists())
return file;
else
return null;
}
@Override
public void store(MultipartFile file) {
String filename = StringUtils.cleanPath(file.getOriginalFilename());
try {
if (file.isEmpty()) {
throw new StorageException("Failed to store empty file " + filename);
}
if (filename.contains("..")) {
// This is a security check
throw new StorageException(
"Cannot store file with relative path outside current directory "
+ filename);
}
try (InputStream inputStream = file.getInputStream()) {
Files.copy(inputStream, this.rootLocation.resolve(filename),
StandardCopyOption.REPLACE_EXISTING);
}
}
catch (IOException e) {
throw new StorageException("Failed to store file " + filename, e);
}
}
private boolean isResourceUnderLocation(Resource resource) throws IOException {
if (resource.getClass() != this.location.getClass()) {
return false;
}
String resourcePath;
String locationPath;
if (resource instanceof UrlResource) {
resourcePath = resource.getURL().toExternalForm();
locationPath = StringUtils.cleanPath(this.location.getURL().toString());
}
else if (resource instanceof ClassPathResource) {
resourcePath = ((ClassPathResource) resource).getPath();
locationPath = StringUtils.cleanPath(((ClassPathResource) this.location).getPath());
}
else {
resourcePath = resource.getURL().getPath();
locationPath = StringUtils.cleanPath(this.location.getURL().getPath());
}
if (locationPath.equals(resourcePath)) {
return true;
}
locationPath = (locationPath.endsWith("/") || locationPath.isEmpty() ? locationPath : locationPath + "/");
if (!resourcePath.startsWith(locationPath)) {
return false;
}
if (resourcePath.contains("%") && StringUtils.uriDecode(resourcePath, StandardCharsets.UTF_8).contains("../")) {
return false;
}
return true;
}
/**
* 存储文件
* @param file: 要上传的文件对象
* @param path: 文件存放路径,路径的最后面没有 "/"
* @return 文件访问路径
*/
@Override
public String store(MultipartFile file, Path path) {
// 文件访问路径
String fileURL = null;
// 判断文件是否为空
if (file.isEmpty()) {
throw new StorageException("请选择要上传的文件");
}
// 获取文件的原名
String filename = StringUtils.cleanPath(file.getOriginalFilename());
// 判断文件格式是否正确
if (filename.contains("..")) {
throw new StorageException("文件格式不正确");
}
// 初始化上传配置
storageProperties.init();
if(storageProperties.getUploadType().equals("45")) {
fileURL = ossService.uploadFile2OSS(file, path.toString());
}else {
// 文件保存目录,数据库里配置的路径 + 自定义路径
path = Paths.get(storageProperties.getUploadFiledir() + path.toString());
// 目录不存在则创建
if (!Files.exists(path)) {
init(path);
}
// 生成新的文件名
String newFilename = FileNameUtil.getFileName(filename);
try (InputStream inputStream = file.getInputStream()) {
// 存储文件
Files.copy(inputStream, path.resolve(newFilename), StandardCopyOption.REPLACE_EXISTING);
fileURL = storageProperties.getStaticUrl() + newFilename;
} catch (IOException e) {
throw new StorageException("上传文件异常", e);
}
}
return fileURL;
}
private boolean isResourceUnderLocation(Resource resource) throws IOException {
if (resource.getClass() != this.location.getClass()) {
return false;
}
String resourcePath;
String locationPath;
if (resource instanceof UrlResource) {
resourcePath = resource.getURL().toExternalForm();
locationPath = StringUtils.cleanPath(this.location.getURL().toString());
}
else if (resource instanceof ClassPathResource) {
resourcePath = ((ClassPathResource) resource).getPath();
locationPath = StringUtils.cleanPath(((ClassPathResource) this.location).getPath());
}
else {
resourcePath = resource.getURL().getPath();
locationPath = StringUtils.cleanPath(this.location.getURL().getPath());
}
if (locationPath.equals(resourcePath)) {
return true;
}
locationPath = (locationPath.endsWith("/") || locationPath.isEmpty() ? locationPath : locationPath + "/");
if (!resourcePath.startsWith(locationPath)) {
return false;
}
if (resourcePath.contains("%") && StringUtils.uriDecode(resourcePath, StandardCharsets.UTF_8).contains("../")) {
return false;
}
return true;
}
/**
* Create a new PortletContextResource.
* <p>The Portlet spec requires that resource paths start with a slash,
* even if many containers accept paths without leading slash too.
* Consequently, the given path will be prepended with a slash if it
* doesn't already start with one.
* @param portletContext the PortletContext to load from
* @param path the path of the resource
*/
public PortletContextResource(PortletContext portletContext, String path) {
// check PortletContext
Assert.notNull(portletContext, "Cannot resolve PortletContextResource without PortletContext");
this.portletContext = portletContext;
// check path
Assert.notNull(path, "Path is required");
String pathToUse = StringUtils.cleanPath(path);
if (!pathToUse.startsWith("/")) {
pathToUse = "/" + pathToUse;
}
this.path = pathToUse;
}
@Override
public void uploadFile(MultipartFile file) throws IOException {
String fileName = StringUtils.cleanPath(file.getOriginalFilename());
if (fileName.isEmpty()) {
throw new IOException("File is empty " + fileName);
}
try {
Files.copy(file.getInputStream(), this.location.resolve(fileName), StandardCopyOption.REPLACE_EXISTING);
} catch (IOException e) {
throw new IOException("File Upload Error : " + fileName);
}
}
@Override
public void uploadFile(MultipartFile file) throws IOException {
String fileName = StringUtils.cleanPath(file.getOriginalFilename());
if (fileName.isEmpty()) {
throw new IOException("File is empty " + fileName);
}
try {
Files.copy(file.getInputStream(), this.location.resolve(fileName), StandardCopyOption.REPLACE_EXISTING);
} catch (IOException e) {
throw new IOException("File Upload Error : " + fileName);
}
}
private String decodeAndNormalizePath(String path, HttpServletRequest request) {
if (path != null) {
path = getUrlPathHelper().decodeRequestString(request, path);
if (path.charAt(0) != '/') {
String requestUri = getUrlPathHelper().getRequestUri(request);
path = requestUri.substring(0, requestUri.lastIndexOf('/') + 1) + path;
path = StringUtils.cleanPath(path);
}
}
return path;
}
public BasicDescendantFileSource(File rootDirectory) {
if (rootDirectory == null)
throw new IllegalArgumentException("Root directory must not be null.");
if (!rootDirectory.exists())
throw new IllegalArgumentException("Root directory must exist: " + rootDirectory.getAbsolutePath() + ".");
if (!rootDirectory.isDirectory())
throw new IllegalArgumentException(
"Root directory must be a directory: " + rootDirectory.getAbsolutePath() + ".");
this.rootDirectoryPath = StringUtils.cleanPath(rootDirectory.getAbsolutePath());
this.rootDirectory = new File(this.rootDirectoryPath);
}
@Override
public UriComponents normalize() {
String normalizedPath = StringUtils.cleanPath(getPath());
FullPathComponent path = new FullPathComponent(normalizedPath);
return new HierarchicalUriComponents(getScheme(), getFragment(), this.userInfo, this.host, this.port,
path, this.queryParams, this.encodeState, this.variableEncoder);
}
private boolean isResourceUnderLocation(Resource resource, Resource location) throws IOException {
if (resource.getClass() != location.getClass()) {
return false;
}
String resourcePath;
String locationPath;
if (resource instanceof UrlResource) {
resourcePath = resource.getURL().toExternalForm();
locationPath = StringUtils.cleanPath(location.getURL().toString());
}
else if (resource instanceof ClassPathResource) {
resourcePath = ((ClassPathResource) resource).getPath();
locationPath = StringUtils.cleanPath(((ClassPathResource) location).getPath());
}
else if (resource instanceof ServletContextResource) {
resourcePath = ((ServletContextResource) resource).getPath();
locationPath = StringUtils.cleanPath(((ServletContextResource) location).getPath());
}
else {
resourcePath = resource.getURL().getPath();
locationPath = StringUtils.cleanPath(location.getURL().getPath());
}
if (locationPath.equals(resourcePath)) {
return true;
}
locationPath = (locationPath.endsWith("/") || locationPath.isEmpty() ? locationPath : locationPath + "/");
return (resourcePath.startsWith(locationPath) && !isInvalidEncodedPath(resourcePath));
}
public List<String> getElementList(String elementName, String subElementName) {
List<String> result = new ArrayList<>();
Element elem = rootElem.getChild(elementName);
if (elem == null)
return result;
List<Element> rootList = elem.getChildren(subElementName);
for (Element elem2 : rootList) {
String location = StringUtils.cleanPath(elem2.getTextNormalize());
if (location.length() > 0)
result.add(location);
}
return result;
}
/**
* Create a new ServletContextResource.
* <p>The Servlet spec requires that resource paths start with a slash,
* even if many containers accept paths without leading slash too.
* Consequently, the given path will be prepended with a slash if it
* doesn't already start with one.
* @param servletContext the ServletContext to load from
* @param path the path of the resource
*/
public ServletContextResource(ServletContext servletContext, String path) {
// check ServletContext
Assert.notNull(servletContext, "Cannot resolve ServletContextResource without ServletContext");
this.servletContext = servletContext;
// check path
Assert.notNull(path, "Path is required");
String pathToUse = StringUtils.cleanPath(path);
if (!pathToUse.startsWith("/")) {
pathToUse = "/" + pathToUse;
}
this.path = pathToUse;
}
private void generate(Directory root, File pomFile, boolean generateChecksums) {
String name = StringUtils.getFilename(pomFile.getName());
String extension = StringUtils.getFilenameExtension(pomFile.getName());
String prefix = name.substring(0, name.length() - extension.length() - 1);
File[] files = pomFile.getParentFile().listFiles((f) -> include(f, prefix));
MultiValueMap<File, MavenCoordinates> fileCoordinates = new LinkedMultiValueMap<>();
for (File file : files) {
String rootPath = StringUtils.cleanPath(root.getFile().getPath());
String relativePath = StringUtils.cleanPath(file.getPath()).substring(rootPath.length() + 1);
fileCoordinates.add(file.getParentFile(), MavenCoordinates.fromPath(relativePath));
}
fileCoordinates.forEach((file, coordinates) -> writeMetadata(file, coordinates, generateChecksums));
}
public List<String> getRootList(String elementName) {
List<String> result = new ArrayList<>();
List<Element> rootList = rootElem.getChildren(elementName);
for (Element elem : rootList) {
String location = StringUtils.cleanPath(elem.getTextNormalize());
if (location.length() > 0)
result.add(location);
}
return result;
}
private static String cleanPath(String path) {
path = StringUtils.cleanPath(path);
path = (path.startsWith("/") ? path : "/" + path);
return path;
}
/**
* Convert the supplied paths to classpath resource paths.
*
* <p>For each of the supplied paths:
* <ul>
* <li>A plain path — for example, {@code "context.xml"} — will
* be treated as a classpath resource that is relative to the package in
* which the specified class is defined.
* <li>A path starting with a slash will be treated as an absolute path
* within the classpath, for example: {@code "/org/example/schema.sql"}.
* <li>A path which is prefixed with a URL protocol (e.g.,
* {@link ResourceUtils#CLASSPATH_URL_PREFIX classpath:},
* {@link ResourceUtils#FILE_URL_PREFIX file:}, {@code http:}, etc.) will be
* {@link StringUtils#cleanPath cleaned} but otherwise unmodified.
*
* @param clazz the class with which the paths are associated
* @param paths the paths to be converted
* @return a new array of converted resource paths
* @see #convertToResources
*/
public static String[] convertToClasspathResourcePaths(Class<?> clazz, String... paths) {
String[] convertedPaths = new String[paths.length];
for (int i = 0; i < paths.length; i++) {
String path = paths[i];
if (path.startsWith(SLASH)) {
convertedPaths[i] = ResourceUtils.CLASSPATH_URL_PREFIX + path;
}
else if (!ResourcePatternUtils.isUrl(path)) {
convertedPaths[i] = ResourceUtils.CLASSPATH_URL_PREFIX + SLASH
+ StringUtils.cleanPath(ClassUtils.classPackageAsResourcePath(clazz) + SLASH + path);
}
else {
convertedPaths[i] = StringUtils.cleanPath(path);
}
}
return convertedPaths;
}
/**
* Create a new {@code FileSystemResource} from a {@link Path} handle,
* performing all file system interactions via NIO.2 instead of {@link File}.
* <p>In contrast to {@link PathResource}, this variant strictly follows the
* general {@link FileSystemResource} conventions, in particular in terms of
* path cleaning and {@link #createRelative(String)} handling.
* @param filePath a Path handle to a file
* @since 5.1
* @see #FileSystemResource(File)
*/
public FileSystemResource(Path filePath) {
Assert.notNull(filePath, "Path must not be null");
this.path = StringUtils.cleanPath(filePath.toString());
this.file = null;
this.filePath = filePath;
}
/**
* Create a new {@code ClassPathResource} for {@code Class} usage.
* The path can be relative to the given class, or absolute within
* the classpath via a leading slash.
* @param path relative or absolute path within the class path
* @param clazz the class to load resources with
* @see java.lang.Class#getResourceAsStream
*/
public ClassPathResource(String path, @Nullable Class<?> clazz) {
Assert.notNull(path, "Path must not be null");
this.path = StringUtils.cleanPath(path);
this.clazz = clazz;
}