0
我現在用的是接受該fileUpload
控件屬性,只允許某些類型的文件,防止上傳.exe或其他可能有害的文件。X-頁:FileUpload控件防止將不需要的文件上傳
application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document,application/vnd.ms-excel,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,application/ms-powerpoint,application/vnd.openxmlformats-officedocument.presentationml.presentation,application/pdf,text/plain,image/gif,image/jpeg,image/pjpeg,image/png"
這工作,但我使用的工具稱爲打嗝套房,讓我來攔截可接受的文件,例如:.txt
可能包含有害代碼和文件擴展名更改爲.exe
,然後將其上傳至X頁數據庫。
當我轉到保存文檔並截取並更改爲.exe後,我添加了以下代碼以識別exe文件: 我們是否可以操縱上傳的內容並將文件擴展名更改爲無害的.txt ?
var fileData:com.ibm.xsp.http.UploadedFile =facesContext.getExternalContext().getRequest().getParameterMap().get(getClientId('fileUpload1'));
if (fileData != null) {
var tempFile:java.io.File = fileData.getServerFile();
// Get the path
var filePath:String = tempFile.getParentFile().getAbsolutePath();
// Get file Name
var fileName:String = tempFile.getParentFile().getName();
// Get the Name of the file as it appeared on the client machine - the name on the server will NOT be the same
var clientFileName:String = fileData.getClientFileName();
}
var fileRight = clientFileName.slice(-4);
if (fileRight == ".exe")
{
//facesContext.getExternalContext().getRequest().getParameterMap().get(getClientId('fileUpload1').replace(".exe",".txt"))
//facesContext.getExternalContext().getRequest().getParameterMap().get(getClientId('fileUpload1').remove(".exe",0))
}
非常感謝,我用這個解決方案,您所提供和它的工作。 –