来源:自学PHP网 时间:2015-04-15 15:00 作者: 阅读:次
[导读] 万户OA多处无限制任意文件下载详细说明:头两处没啥好说的直接利用% 得到文件名字和路径 String filepath=; HttpServletRequest HSR=(HttpServletRequest)pageContext getRequest(); Strin...
万户OA多处无限制任意文件下载 头两处没啥好说的直接利用
<% // 得到文件名字和路径 String filepath=""; HttpServletRequest HSR=(HttpServletRequest)pageContext.getRequest(); String path=request.getParameter("path"); filepath=HSR.getRealPath("/upload/")+"/"+path+"/"; String filename = request.getParameter("FileName"); String name = request.getParameter("name"); // 设置响应头和下载保存的文件名 response.setContentType("csv"); response.setHeader("Content-Disposition", "attachment; filename=\"" + name + "\""); // 打开指定文件的流信息 java.io.FileInputStream fileInputStream = new java.io.FileInputStream(filepath + filename); // 写出流信息 int i; while ((i=fileInputStream.read()) != -1) { out.write(i); } fileInputStream.close(); out.close(); %>
后面两处要多一道程序,不过不麻烦。
<% String local = session.getAttribute("org.apache.struts.action.LOCALE").toString(); // 得到文件名字和路径 String filepath=""; HttpServletRequest HSR=(HttpServletRequest)pageContext.getRequest(); String path=request.getParameter("path"); filepath=HSR.getRealPath("/upload/")+"/wage_manager/"; String fileRealName = request.getParameter("fileRealName"); String fileSaveName = request.getParameter("fileSaveName"); response.reset(); response.setContentType("csv"); java.io.File file = new java.io.File(filepath+fileSaveName); String dd = filepath+fileRealName; if(file.exists()){ fileRealName = new String(fileRealName.getBytes("GBK"), "ISO8859-1"); response.setHeader("Content-Disposition","attachment; filename=\"" + fileRealName + "\""); // 打开指定文件的流信息 java.io.FileInputStream fileInputStream = new java.io.FileInputStream(filepath+fileSaveName); java.io.BufferedInputStream bis = new java.io.BufferedInputStream(fileInputStream); byte[] buffer = new byte[1024]; java.io.OutputStream os = response.getOutputStream(); while (bis.read(buffer)>0) { os.write(buffer); } fileInputStream.close(); os.close(); out.close(); }else{ response.setContentType("text/html; charset=UTF-8"); %> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <SCRIPT LANGUAGE="JavaScript"> alert("<%=com.whir.i18n.Resource.getValue(local,"common","comm.filenotfound")%>"); history.back(); </SCRIPT> </head> <body> </body> </html> <%}%>
defaultroot\public\edit\jsp\config.jsp |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com