import java.util.*;
import java.io.IOException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import dataBase.DataBase;
import smartupload.SmartUpload;
import tools.*;
public class FileUpLoadServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
private ServletConfig config;
final public void init(ServletConfig config) throws ServletException {
this.config = config;
}
public FileUpLoadServlet() {
super();
}
public void destroy() {
super.destroy();
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doPost(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String path = "";
String fileName;
Time t=new Time();
String mtime=Time.getMTime();
DataBase db = new DataBase();
SmartUpload mySmartUpload = new SmartUpload();
try {
// Initialization
mySmartUpload.initialize(config, request, response);
mySmartUpload.setMaxFileSize(1000000);
// 设定允许上传的文件的总长度,用于限制一次性上传的数据量大小
mySmartUpload.setTotalMaxFileSize(2000000);
// 设定允许上传的文件(通过扩展名限制),仅允许doc,txt文件
mySmartUpload.setAllowedFilesList("doc,txt,rar");
// 设定禁止上传的文件(通过扩展名限制),禁止上传带有exe,bat,jsp,htm,html扩展名的//文件和没有扩展名的文件
mySmartUpload.setDeniedFilesList("exe , bat ,jsp ,htm ,html, jpg");
mySmartUpload.upload();
fileName = mySmartUpload.getFiles().getFile(0).getFileName();
path = "upLoad/"+mtime+fileName;
mySmartUpload.getFiles().getFile(0).saveAs(path,
mySmartUpload.SAVE_VIRTUAL);
ArrayList<String> users = new ArrayList<String>();
String now =Time.getDate();
db.connectToDB();
String sql="insert into oa_document(documentID,docName,docPath,docType,uploadTime) values('"+mtime+"','"+fileName+"','"+path+"','0','"+now+"')";
db.executeUpdate(sql);
if(mySmartUpload.getRequest().getParameterValues("userList")!=null){
for (int i = 0; i < mySmartUpload.getRequest().getParameterValues("userList").length; i++)
{
users.add(mySmartUpload.getRequest().getParameterValues("userList")[i]);}
for (int i = 0; i < users.size(); i++)
{
sql="insert into oa_downLoad_right(userName,documentID) values('"+users.get(i)+"','"+mtime+"')";
db.executeUpdate(sql);
}}
} catch (Exception e) {
e.printStackTrace();
System.out.println("Unable to upload the file.<br>");
System.out.println("Error : " + e.toString());
}
db.close();
response.sendRedirect("fileUpLoad.jsp");
}
public void init() throws ServletException {
// Put your code here
}
}
Java code
package smartupload; import java.io.ByteArrayInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.math.BigInteger; import java.sql.ResultSet; import java.sql.SQLException; import javax.servlet.ServletException; public class SmartFile { private SmartUpload m_parent; private int m_startData; private int m_endData; private int m_size; private String m_fieldname; private String m_filename; private String m_fileExt; private String m_filePathName; private String m_contentType; private String m_contentDisp; private String m_typeMime; private String m_subTypeMime; // private String m_contentString; private boolean m_isMissing; public static final int SAVEAS_AUTO = 0 ; public static final int SAVEAS_VIRTUAL = 1 ; public static final int SAVEAS_PHYSICAL = 2 ; SmartFile() { m_startData = 0 ; m_endData = 0 ; m_size = 0 ; m_fieldname = "" ; // new String(""); m_filename = "" ; // new String(); m_fileExt = "" ; // new String(); m_filePathName = "" ; // new String(""); m_contentType = "" ; // new String(); m_contentDisp = "" ; // new String(); m_typeMime = "" ; // new String(); m_subTypeMime = "" ; // new String(); // m_contentString = ""; // new String(); m_isMissing = true ; } public void saveAs(String s) throws IOException,SmartUploadException { saveAs(s, 0 ); } public void saveAs(String s, int i) throws IOException,SmartUploadException { // Method invokes dubious new String() constructor; just use "" // Creating a new java.lang.String object using the no-argument constructor wastes memory because the object so created will be functionally indistinguishable from the empty string constant ""./u00A0 Java guarantees that identical string constants will be represented by the same String object./u00A0 Therefore, you should just use the empty string constant directly. // String s1 = new String(); String s1 = "" ; s1 = m_parent.getPhysicalPath(s,i); if (s1 == null ) { throw new IllegalArgumentException( " There is no specified destination file (1140). " ); } try { java.io.File file = new java.io.File(s1); FileOutputStream fileoutputstream = new FileOutputStream(file); fileoutputstream.write(m_parent.m_binArray,m_startData,m_size); fileoutputstream.close(); } catch (IOException ioexception) { throw new SmartUploadException( " File can't be saved (1120). " ); } } public void fileToField(ResultSet resultset,String s) throws ServletException,IOException,SmartUploadException,SQLException { long l = 0L ; int i = 0x10000 ; int j = 0 ; int k = m_startData; if (resultset == null ) { throw new IllegalArgumentException( " The RecordSet cannot be null (1145). " ); } if (s == null ) { throw new IllegalArgumentException( " The columnName cannot be null (1150). " ); } if (s.length() == 0 ) { throw new IllegalArgumentException( " The columnName cannot be empty (1155). " ); } l = BigInteger.valueOf(m_size).divide(BigInteger.valueOf(i)).longValue(); j = BigInteger.valueOf(m_size).mod(BigInteger.valueOf(i)).intValue(); try { for ( int i1 = 1 ;( long )i1 < l;i1 ++ ) { resultset.updateBinaryStream(s, new ByteArrayInputStream(m_parent.m_binArray,k,i),i); k = k != 0 ? k : 1 ; k = i1 * i + m_startData; } if (j > 0 ) { resultset.updateBinaryStream(s, new ByteArrayInputStream(m_parent.m_binArray,k,j),j); } } catch (SQLException sqlexception) { byte abyte0[] = new byte [m_size]; System.arraycopy(m_parent.m_binArray,m_startData,abyte0, 0 ,m_size); resultset.updateBytes(s,abyte0); } catch (Exception exception) { throw new SmartUploadException( " Unable to save file in the DataBase (1130). " ); } } public boolean isMissing() { return m_isMissing; } public String getFieldName() { return m_fieldname; } public String getFileName() { return m_filename; } public String getFilePathName() { return m_filePathName; } public String getFileExt() { return m_fileExt; } public String getContentType() { return m_contentType; } public String getContentDisp() { return m_contentDisp; } public String getContentString() { String s = new String(m_parent.m_binArray,m_startData,m_size); return s; } public String getTypeMIME() throws IOException { return m_typeMime; } public String getSubTypeMIME() { return m_subTypeMime; } public int getSize() { return m_size; } protected int getStartData() { return m_startData; } protected int getEndData() { return m_endData; } protected void setParent(SmartUpload smartupload) { m_parent = smartupload; } protected void setStartData( int i) { m_startData = i; } protected void setEndData( int i) { m_endData = i; } protected void setSize( int i) { m_size = i; } protected void setIsMissing( boolean flag) { m_isMissing = flag; } protected void setFieldName(String s) { m_fieldname = s; } protected void setFileName(String s) { m_filename = s; } protected void setFilePathName(String s) { m_filePathName = s; } protected void setFileExt(String s) { m_fileExt = s; } protected void setContentType(String s) { m_contentType = s; } protected void setContentDisp(String s) { m_contentDisp = s; } protected void setTypeMIME(String s) { m_typeMime = s; } protected void setSubTypeMIME(String s) { m_subTypeMime = s; } public byte getBinaryData( int i) { if (m_startData + i > m_endData) { throw new ArrayIndexOutOfBoundsException( " Index Out of range (1115). " ); } if (m_startData + i <= m_endData) { return m_parent.m_binArray[m_startData + i]; } else { return 0 ; } } }
Java code
package smartupload; import java.io.IOException; import java.util.Collection; import java.util.Enumeration; import java.util.Hashtable; public class SmartFiles { // private SmartUpload m_parent; private Hashtable m_files; private int m_counter; SmartFiles() { m_files = new Hashtable(); m_counter = 0 ; } protected void addFile(SmartFile file) { if (file == null ) { throw new IllegalArgumentException( " newFile cannot be null. " ); } else { m_files.put( new Integer(m_counter), file); m_counter ++ ; return ; } } public SmartFile getFile( int i) { if (i < 0 ) { throw new IllegalArgumentException( " File's index cannot be a negative value (1210). " ); } SmartFile file = (SmartFile) m_files.get( new Integer(i)); if (file == null ) { throw new IllegalArgumentException( " Files' name is invalid or does not exist (1205). " ); } else { return file; } } public int getCount() { return m_counter; } public long getSize() throws IOException { long l = 0L ; for ( int i = 0 ; i < m_counter; i ++ ) { l += getFile(i).getSize(); } return l; } public Collection getCollection() { return m_files.values(); } public Enumeration getEnumeration() { return m_files.elements(); } }
-
Java code
-
package smartupload; import java.util.Enumeration; import java.util.Hashtable; public class SmartRequest { private Hashtable m_parameters; private int m_counter; SmartRequest() { m_parameters = new Hashtable(); m_counter = 0 ; } protected void putParameter(String s,String s1) { if (s == null ) { throw new IllegalArgumentException( " The name of an element cannot be null. " ); } if (m_parameters.containsKey(s)) { Hashtable hashtable = (Hashtable)m_parameters.get(s); hashtable.put( new Integer(hashtable.size()),s1); } else { Hashtable hashtable1 = new Hashtable(); hashtable1.put( new Integer( 0 ),s1); m_parameters.put(s,hashtable1); m_counter ++ ; } } public String getParameter(String s) { if (s == null ) { throw new IllegalArgumentException( " Form's name is invalid or does not exist (1305). " ); } Hashtable hashtable = (Hashtable)m_parameters.get(s); if (hashtable == null ) { return null ; } else { return (String)hashtable.get( new Integer( 0 )); } } public Enumeration getParameterNames() { return m_parameters.keys(); } public String[] getParameterValues(String s) { if (s == null ) { throw new IllegalArgumentException( " Form's name is invalid or does not exist (1305). " ); } Hashtable hashtable = (Hashtable)m_parameters.get(s); if (hashtable == null ) { return null ; } String as[] = new String[hashtable.size()]; for ( int i = 0 ;i < hashtable.size();i ++ ) { as[i] = (String)hashtable.get( new Integer(i)); } return as; } }
Java code package smartupload; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.sql.ResultSet; import java.sql.SQLException; import java.util.Vector; import javax.servlet.ServletConfig; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import javax.servlet.jsp.JspWriter; import javax.servlet.jsp.PageContext; public class SmartUpload { protected byte m_binArray[]; protected HttpServletRequest m_request; protected HttpServletResponse m_response; protected ServletContext m_application; private int m_totalBytes; private int m_currentIndex; private int m_startData; private int m_endData; private String m_boundary; private long m_totalMaxFileSize; private long m_maxFileSize; private Vector m_deniedFilesList; private Vector m_allowedFilesList; private boolean m_denyPhysicalPath; // private boolean m_forcePhysicalPath; private String m_contentDisposition; public static final int SAVE_AUTO = 0 ; public static final int SAVE_VIRTUAL = 1 ; public static final int SAVE_PHYSICAL = 2 ; private SmartFiles m_files; private SmartRequest m_formRequest; public SmartUpload() { m_totalBytes = 0 ; m_currentIndex = 0 ; m_startData = 0 ; m_endData = 0 ; m_boundary = "" ; // new String(); m_totalMaxFileSize = 0L ; m_maxFileSize = 0L ; m_deniedFilesList = new Vector(); m_allowedFilesList = new Vector(); m_denyPhysicalPath = false ; // m_forcePhysicalPath = false; m_contentDisposition = "" ; // new String(); m_files = new SmartFiles(); m_formRequest = new SmartRequest(); } /** * @deprecated Method init is deprecated */ public final void init(ServletConfig servletconfig) throws ServletException { m_application = servletconfig.getServletContext(); } /** * @deprecated Method service is deprecated */ public void service(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse) throws ServletException, IOException { m_request = httpservletrequest; m_response = httpservletresponse; } public final void initialize(ServletConfig servletconfig, HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse) throws ServletException { m_application = servletconfig.getServletContext(); m_request = httpservletrequest; m_response = httpservletresponse; } public final void initialize(PageContext pagecontext) throws ServletException { m_application = pagecontext.getServletContext(); m_request = (HttpServletRequest) pagecontext.getRequest(); m_response = (HttpServletResponse) pagecontext.getResponse(); } /** * @deprecated Method initialize is deprecated */ public final void initialize(ServletContext servletcontext, HttpSession httpsession, HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse, JspWriter jspwriter) throws ServletException { m_application = servletcontext; m_request = httpservletrequest; m_response = httpservletresponse; } public void upload() throws ServletException, IOException, SmartUploadException { int i = 0 ; // boolean flag = false; boolean flag1 = false ; // boolean flag2 = false; long l = 0L ; // String s = ""; // new String(); // String s2 = ""; // new String(); String s4 = "" ; // new String(); String s5 = "" ; // new String(); String s6 = "" ; // new String(); String s7 = "" ; // new String(); String s8 = "" ; // new String(); String s9 = "" ; // new String(); String s10 = "" ; // new String(); m_totalBytes = m_request.getContentLength(); m_binArray = new byte [m_totalBytes]; int j; for (; i < m_totalBytes; i += j) { try { m_request.getInputStream(); j = m_request.getInputStream().read(m_binArray, i, m_totalBytes - i); } catch (Exception exception) { throw new SmartUploadException( " Unable to upload. " ); } } for (; ! flag1 && m_currentIndex < m_totalBytes; m_currentIndex ++ ) { if (m_binArray[m_currentIndex] == 13 ) { flag1 = true ; } else { m_boundary = m_boundary + ( char ) m_binArray[m_currentIndex]; } } if (m_currentIndex == 1 ) { return ; } for (m_currentIndex ++ ; m_currentIndex < m_totalBytes; m_currentIndex = m_currentIndex + 2 ) { String s1 = getDataHeader(); m_currentIndex = m_currentIndex + 2 ; boolean flag3 = s1.indexOf( " filename " ) > 0 ; String s3 = getDataFieldValue(s1, " name " ); if (flag3) { s6 = getDataFieldValue(s1, " filename " ); s4 = getFileName(s6); s5 = getFileExt(s4); s7 = getContentType(s1); s8 = getContentDisp(s1); s9 = getTypeMIME(s7); s10 = getSubTypeMIME(s7); } getDataSection(); if (flag3 && s4.length() > 0 ) { if (m_deniedFilesList.contains(s5)) { throw new SecurityException( " The extension of the file is denied to be uploaded (1015). " ); } if ( ! m_allowedFilesList.isEmpty() && ! m_allowedFilesList.contains(s5)) { throw new SecurityException( " The extension of the file is not allowed to be uploaded (1010). " ); } if (m_maxFileSize > 0L && ( long ) ((m_endData - m_startData) + 1 ) > m_maxFileSize) { throw new SecurityException( " Size exceeded for this file : " + s4 + " (1105). " ); } l += (m_endData - m_startData) + 1 ; if (m_totalMaxFileSize > 0L && l > m_totalMaxFileSize) { throw new SecurityException( " Total File Size exceeded (1110). " ); } } if (flag3) { SmartFile file = new SmartFile(); file.setParent( this ); file.setFieldName(s3); file.setFileName(s4); file.setFileExt(s5); file.setFilePathName(s6); file.setIsMissing(s6.length() == 0 ); file.setContentType(s7); file.setContentDisp(s8); file.setTypeMIME(s9); file.setSubTypeMIME(s10); if (s7.indexOf( " application/x-macbinary " ) > 0 ) { m_startData = m_startData + 128 ; } file.setSize((m_endData - m_startData) + 1 ); file.setStartData(m_startData); file.setEndData(m_endData); m_files.addFile(file); } else { String s11 = new String(m_binArray, m_startData, (m_endData - m_startData) + 1 ); m_formRequest.putParameter(s3, s11); } if (( char ) m_binArray[m_currentIndex + 1 ] == ' - ' ) { break ; } } } public int save(String s) throws ServletException, IOException, SmartUploadException { return save(s, 0 ); }
public int save(String s, int i) throws ServletException, IOException, SmartUploadException { int j = 0 ; if (s == null ) { s = m_application.getRealPath( " / " ); // System.out.println("s == null,m_application.getRealPath:" + s); } if (s.indexOf( " / " ) != - 1 ) { if (s.charAt(s.length() - 1 ) != ' / ' ) { s = s + " / " ; // System.out.println("m_application.getRealPath::" + s); } } else { if (s.charAt(s.length() - 1 ) != ' // ' ) { s = s + " // " ; // System.out.println("m_application.getRealPath" + s); } } // System.out.println("m_application.getRealPath:::" + s); FileNames = new String[m_files.getCount()]; for ( int k = 0 ; k < m_files.getCount(); k ++ ) { if ( ! m_files.getFile(k).isMissing()) { // System.out.println("s + m_files.getFile(k).getFileName():" + s + m_files.getFile(k).getFileName()); m_files.getFile(k).saveAs(s + m_files.getFile(k).getFileName(), i); FileNames[j] = s + m_files.getFile(k).getFileName(); j ++ ; } } return j; } // Add private String[] FileNames; public String[] getFileNames() { // Method may expose internal representation by returning array // Returning an array value stored in one of the object's fields exposes the internal representation of the object.? For classes shared by other untrusted classes, this could potentially be a security issue.? Returning a new copy of the array is better approach in many situations. String[] vFileNames = new String[FileNames.length]; System.arraycopy(FileNames, 0 , vFileNames, 0 , FileNames.length); return vFileNames; } public int getSize() { return m_totalBytes; } public byte getBinaryData( int i) { byte byte0; try { byte0 = m_binArray[i]; } catch (Exception exception) { throw new ArrayIndexOutOfBoundsException( " Index out of range (1005). " ); } return byte0; } public SmartFiles getFiles() { return m_files; } public SmartRequest getRequest() { return m_formRequest; } public void downloadFile(String s) throws ServletException, IOException, SmartUploadException { downloadFile(s, null , null ); } public void downloadFile(String s, String s1) throws ServletException, IOException, SmartUploadException, SmartUploadException { downloadFile(s, s1, null ); } public void downloadFile(String s, String s1, String s2) throws ServletException, IOException, SmartUploadException { downloadFile(s, s1, s2, 65000 ); } public void downloadFile(String s, String s1, String s2, int i) throws ServletException, IOException, SmartUploadException { if (s == null ) { throw new IllegalArgumentException( " File ' " + s + " ' not found (1040). " ); } if (s.equals( "" )) { throw new IllegalArgumentException( " File ' " + s + " ' not found (1040). " ); } if ( ! isVirtual(s) && m_denyPhysicalPath) { throw new SecurityException( " Physical path is denied (1035). " ); } if (isVirtual(s)) { s = m_application.getRealPath(s); } java.io.File file = new java.io.File(s); FileInputStream fileinputstream = new FileInputStream(file); long l = file.length(); // boolean flag = false; int k = 0 ; byte abyte0[] = new byte [i]; if (s1 == null ) { m_response.setContentType( " application/x-msdownload " ); } else { if (s1.length() == 0 ) { m_response.setContentType( " application/x-msdownload " ); } else { m_response.setContentType(s1); } } m_response.setContentLength(( int ) l); m_contentDisposition = m_contentDisposition != null ? m_contentDisposition : " attachment; " ; if (s2 == null ) { m_response.setHeader( " Content-Disposition " , m_contentDisposition + " filename= " + toUtf8String(getFileName(s))); } else { if (s2.length() == 0 ) { m_response.setHeader( " Content-Disposition " , m_contentDisposition); } else { m_response.setHeader( " Content-Disposition " , m_contentDisposition + " filename= " + s2); } } while (( long ) k < l) { int j = fileinputstream.read(abyte0, 0 , i); k += j; m_response.getOutputStream().write(abyte0, 0 , j); } fileinputstream.close(); } /** * 将文件名中的汉字转为UTF8编码的串,以便下载时能正确显示另存的文件名. 纵横软件制作中心雨亦奇2003.08.01 * * @param s * 原文件名 * @return 重新编码后的文件名 */ public static String toUtf8String(String s) { StringBuffer sb = new StringBuffer(); for ( int i = 0 ; i < s.length(); i ++ ) { char c = s.charAt(i); if (c >= 0 && c <= 255 ) { sb.append(c); } else { byte [] b; try { b = Character.toString(c).getBytes( " utf-8 " ); } catch (Exception ex) { System.out.println(ex); b = new byte [ 0 ]; } for ( int j = 0 ; j < b.length; j ++ ) { int k = b[j]; if (k < 0 ) k += 256 ; sb.append( " % " + Integer.toHexString(k).toUpperCase()); } } } return sb.toString(); } public void downloadField(ResultSet resultset, String s, String s1, String s2) throws ServletException, IOException, SQLException { if (resultset == null ) { throw new IllegalArgumentException( " The RecordSet cannot be null (1045). " ); } if (s == null ) { throw new IllegalArgumentException( " The columnName cannot be null (1050). " ); } if (s.length() == 0 ) { throw new IllegalArgumentException( " The columnName cannot be empty (1055). " ); } byte abyte0[] = resultset.getBytes(s); if (s1 == null ) { m_response.setContentType( " application/x-msdownload " ); } else { if (s1.length() == 0 ) { m_response.setContentType( " application/x-msdownload " ); } else { m_response.setContentType(s1); } } m_response.setContentLength(abyte0.length); if (s2 == null ) { m_response.setHeader( " Content-Disposition " , " attachment; " ); } else { if (s2.length() == 0 ) { m_response.setHeader( " Content-Disposition " , " attachment; " ); } else { m_response.setHeader( " Content-Disposition " , " attachment; filename= " + s2); } } m_response.getOutputStream().write(abyte0, 0 , abyte0.length); } public void fieldToFile(ResultSet resultset, String s, String s1) throws ServletException, IOException, SmartUploadException, SQLException { try { if (m_application.getRealPath(s1) != null ) { s1 = m_application.getRealPath(s1); } InputStream inputstream = resultset.getBinaryStream(s); FileOutputStream fileoutputstream = new FileOutputStream(s1); int i; while ((i = inputstream.read()) != - 1 ) { fileoutputstream.write(i); } fileoutputstream.close(); } catch (Exception exception) { throw new SmartUploadException( " Unable to save file from the DataBase (1020). " ); } } private String getDataFieldValue(String s, String s1) { String s2 = "" ; // = new String(); String s3 = "" ; // = new String(); int i = 0 ; // boolean flag = false; // boolean flag1 = false; // boolean flag2 = false; s2 = s1 + " = " + ' " ' ; i = s.indexOf(s2); if (i > 0 ) { int j = i + s2.length(); int k = j; s2 = " /" " ; int l = s.indexOf(s2, j); if (k > 0 && l > 0 ) { s3 = s.substring(k, l); } } return s3; }private String getFileExt(String s) { String s1; // = new String(); int i = 0; int j = 0; if (s == null) { return null; } i = s.lastIndexOf('.') + 1; j = s.length(); s1 = s.substring(i, j); if (s.lastIndexOf('.') > 0) { return s1; } else { return ""; } } private String getContentType(String s) { String s1 = ""; // = new String(); String s2 = ""; // = new String(); int i = 0; //boolean flag = false; s1 = "Content-Type:"; i = s.indexOf(s1) + s1.length(); if (i != -1) { int j = s.length(); s2 = s.substring(i, j); } return s2; } private String getTypeMIME(String s) { //String s1 = new String(); int i = 0; i = s.indexOf("/"); if (i != -1) { return s.substring(1, i); } else { return s; } } private String getSubTypeMIME(String s) { //String s1 = new String(); //boolean flag = false; int i = 0; i = s.indexOf("/") + 1; if (i != -1) { int j = s.length(); return s.substring(i, j); } else { return s; } } private String getContentDisp(String s) { //String s1 = new String(); String s1 = ""; int i = 0; int j = 0; i = s.indexOf(":") + 1; j = s.indexOf(";"); s1 = s.substring(i, j); return s1; } private void getDataSection() { //boolean flag = false; //String s = ""; //String s = new String(); int i = m_currentIndex; int j = 0; int k = m_boundary.length(); m_startData = m_currentIndex; m_endData = 0; while (i < m_totalBytes) { if (m_binArray[i] == (byte) m_boundary.charAt(j)) { if (j == k - 1) { m_endData = ((i - k) + 1) - 3; break; } i++; j++; } else { i++; j = 0; } } m_currentIndex = m_endData + k + 3; } private String getDataHeader() { //boolean flag = false; int i = m_currentIndex; int j = 0; for (boolean flag1 = false; !flag1;) { if (m_binArray[m_currentIndex] == 13 && m_binArray[m_currentIndex + 2] == 13) { flag1 = true; j = m_currentIndex - 1; m_currentIndex = m_currentIndex + 2; } else { m_currentIndex++; } } String s = new String(m_binArray, i, (j - i) + 1); return s; } private String getFileName(String s) { //String s1 = ""; // = new String(); //String s2 = ""; // = new String(); //boolean flag = false; //boolean flag1 = false; //boolean flag2 = false; int i = 0; i = s.lastIndexOf('/'); if (i != -1) { return s.substring(i + 1, s.length()); } i = s.lastIndexOf('//'); if (i != -1) { return s.substring(i + 1, s.length()); } else { return s; } } public void setDeniedFilesList(String s) throws ServletException, IOException, SQLException { //String s1 = ""; if (s != null) { String s2 = ""; for (int i = 0; i < s.length(); i++) { if (s.charAt(i) == ',') { if (!m_deniedFilesList.contains(s2)) { m_deniedFilesList.addElement(s2); } s2 = ""; } else { s2 = s2 + s.charAt(i); } } //if(s2 != "") if (!s2.equals("")) { m_deniedFilesList.addElement(s2); } } else { m_deniedFilesList = null; } } public void setAllowedFilesList(String s) { //String s1 = ""; if (s != null) { String s2 = ""; for (int i = 0; i < s.length(); i++) { if (s.charAt(i) == ',') { if (!m_allowedFilesList.contains(s2)) { m_allowedFilesList.addElement(s2); } s2 = ""; } else { s2 = s2 + s.charAt(i); } } //if(s2 != "") if (!s2.equals("")) { m_allowedFilesList.addElement(s2); } } else { m_allowedFilesList = null; } } public void setDenyPhysicalPath(boolean flag) { m_denyPhysicalPath = flag; } public void setForcePhysicalPath(boolean flag) { //m_forcePhysicalPath = flag; } public void setContentDisposition(String s) { m_contentDisposition = s; } public void setTotalMaxFileSize(long l) { m_totalMaxFileSize = l; } public void setMaxFileSize(long l) { m_maxFileSize = l; } protected String getPhysicalPath(String s, int i) throws IOException { String s1 = ""; //new String(); String s2 = ""; //new String(); String s3 = ""; //new String(); boolean flag = false; s3 = System.getProperty("file.separator"); if (s == null) { throw new IllegalArgumentException( "There is no specified destination file (1140)."); } if (s.equals("")) { throw new IllegalArgumentException( "There is no specified destination file (1140)."); } if (s.lastIndexOf("//") >= 0) { s1 = s.substring(0, s.lastIndexOf("//")); s2 = s.substring(s.lastIndexOf("//") + 1); } if (s.lastIndexOf("/") >= 0) { s1 = s.substring(0, s.lastIndexOf("/")); s2 = s.substring(s.lastIndexOf("/") + 1); } s1 = s1.length() != 0 ? s1 : "/"; java.io.File file = new java.io.File(s1); if (file.exists()) { flag = true; } if (i == 0) { if (isVirtual(s1)) { s1 = m_application.getRealPath(s1); if (s1.endsWith(s3)) { s1 = s1 + s2; } else { s1 = s1 + s3 + s2; } return s1; } if (flag) { if (m_denyPhysicalPath) { throw new IllegalArgumentException( "Physical path is denied (1125)."); } else { return s; } } else { throw new IllegalArgumentException( "This path does not exist (1135)."); } } if (i == 1) { if (isVirtual(s1)) { s1 = m_application.getRealPath(s1); if (s1.endsWith(s3)) { s1 = s1 + s2; } else { s1 = s1 + s3 + s2; } return s1; } if (flag) { throw new IllegalArgumentException( "The path is not a virtual path."); } else { throw new IllegalArgumentException( "This path does not exist (1135)."); } } if (i == 2) { if (flag) { if (m_denyPhysicalPath) { throw new IllegalArgumentException( "Physical path is denied (1125)."); } else { return s; } } if (isVirtual(s1)) { throw new IllegalArgumentException( "The path is not a physical path."); } else { throw new IllegalArgumentException( "This path does not exist (1135)."); } } else { return null; } } public void uploadInFile(String s) throws IOException, SmartUploadException { //boolean flag = false; int i = 0; int j = 0; if (s == null) { throw new IllegalArgumentException( "There is no specified destination file (1025)."); } if (s.length() == 0) { throw new IllegalArgumentException( "There is no specified destination file (1025)."); } if (!isVirtual(s) && m_denyPhysicalPath) { throw new SecurityException("Physical path is denied (1035)."); } i = m_request.getContentLength(); m_binArray = new byte[i]; int k; for (; j < i; j += k) { try { k = m_request.getInputStream().read(m_binArray, j, i - j); } catch (Exception exception) { throw new SmartUploadException("Unable to upload."); } } if (isVirtual(s)) { s = m_application.getRealPath(s); } try { java.io.File file = new java.io.File(s); FileOutputStream fileoutputstream = new FileOutputStream(file); fileoutputstream.write(m_binArray); fileoutputstream.close(); } catch (Exception exception1) { throw new SmartUploadException( "The Form cannot be saved in the specified file (1030)."); } } private boolean isVirtual(String s) { if (m_application.getRealPath(s) != null) { java.io.File file = new java.io.File(m_application.getRealPath(s)); return file.exists(); } else { return false; } } }
package smartupload;
public class SmartUploadException extends Exception
{
SmartUploadException(String s)
{
super(s);
}
}