关于enctype="multipart/form-data"及过滤非法字符的问题
益游未尽 2013-11-21 05:15:47 正常表单可以过去 但是带文件的就不能
求高手解决 qq30841197
public class MessageFilter implements Filter {
private FilterConfig config;
private GuoLvService guoLvService;
private List<GuoLv> guoLvs = new ArrayList<GuoLv>();
private Map<String, String> map = new LinkedHashMap<String, String>();
private Set<String> set = new HashSet<String>();
public void destroy() {
this.config = null;
}
public void doFilter(ServletRequest arg0, ServletResponse arg1,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) arg0;
HttpServletResponse response = (HttpServletResponse) arg1;
request.setCharacterEncoding("GBK");
System.out.println("filter");
String param = "";
String paramValue = "";
boolean isMultipart = ServletFileUpload.isMultipartContent(request);
String s1 = request.getRequestURI();
if (!s1.contains("guolv")) {
guoLvs = guoLvService.findAll();
for (GuoLv g : guoLvs) {
map.put(g.getBefore(), g.getAfter());
}
set = map.keySet();
if (!isMultipart) {
Enumeration<Object> params = request.getParameterNames();
Map<String, String[]> m = new HashMap<String, String[]>(
request.getParameterMap());
while (params.hasMoreElements()) {
param = (String) params.nextElement();
String[] values = request.getParameterValues(param);
System.out.println(param + "" + Arrays.toString(values));
for (int i = 0; i < values.length; i++) {
paramValue = values[i];
//替换
for (String s : set) {
paramValue = paramValue.replaceAll(s, map.get(s));
}
values[i] = paramValue;
}
System.out.println(param + "--------------" + paramValue);
m.put(param, values);
}
request = new ParameterRequestWrapper(request, m);
}
if(isMultipart){
Map<String, String[]> m1 = new HashMap<String, String[]>(
request.getParameterMap());
FileItemFactory factory = new DiskFileItemFactory();
ServletFileUpload upload = new ServletFileUpload(factory);
try {
List items = upload.parseRequest(request);
Iterator iter = items.iterator();
while (iter.hasNext()){
FileItem item = (FileItem) iter.next();
if (item.isFormField()) {
String name = item.getFieldName();
String value =item.getString("gbk");
//out.println(name + "=" + value);
for (String s : set) {
value = value.replaceAll(s, map.get(s));
}
String[] v=new String[]{value};
request.setAttribute(name, value);
m1.put(name, v);
System.out.println(name+"======"+value);
} else{
//文件怎么处理???
}
}
request = new ParameterRequestWrapper(request, m1);
} catch (FileUploadException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
filterChain.doFilter(request, response);
}
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
this.config = arg0;
WebApplicationContext wac = WebApplicationContextUtils
.getRequiredWebApplicationContext(config.getServletContext());
guoLvService = (GuoLvService) wac.getBean("guoLvService");
}
}
class ParameterRequestWrapper extends HttpServletRequestWrapper {
private Map<String, String[]> params;
public ParameterRequestWrapper(HttpServletRequest request,
Map<String, String[]> newParams) {
super(request);
this.params = newParams;
}
@Override
public String getParameter(String name) {
String result = "";
Object v = params.get(name);
if (v == null) {
result = null;
} else if (v instanceof String[]) {
String[] strArr = (String[]) v;
if (strArr.length > 0) {
result = strArr[0];
} else {
result = null;
}
} else if (v instanceof String) {
result = (String) v;
} else {
result = v.toString();
}
return result;
}
@Override
public Map getParameterMap() {
return params;
}
@Override
public Enumeration getParameterNames() {
return new Vector(params.keySet()).elements();
}
@Override
public String[] getParameterValues(String name) {
String[] result = null;
Object v = params.get(name);
if (v == null) {
result = null;
} else if (v instanceof String[]) {
result = (String[]) v;
} else if (v instanceof String) {
result = new String[] { (String) v };
} else {
result = new String[] { v.toString() };
}
return result;
}
}
class MultiPartRequestWrapper extends HttpServletRequestWrapper{
public MultiPartRequestWrapper(HttpServletRequest request) {
super(request);
// TODO Auto-generated constructor stub
}
}