jsp实现excel文件上传(jsp文件上传漏洞)

在项目中,经常用到的一个功能就是文件的上传和下载,不过大多数情况下都是通用的工具类,自己写的情况较少,这里写个通过Spring框架和ajaxFileUpload插件实现上传的小功能,做个练习和记录。
首先配置下SpringMVC的配置文件,配置支持文件上传

<!-- 配置MultipartResolver 用于文件上传 使用spring的CommosMultipartResolver 说明: p:defaultEncoding="UTF-8":这里设置默认的文件编码为UTF-8,必须与用户JSP的默认编码一致; p:maxUploadSize="5000000":指定文件上传大小,单位为字节; p:uploadTempDir="fileUpload/temp":文件上传临时目录,上传完成后,就会将临时文件删除; --> <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver" p:defaultEncoding="UTF-8" p:maxUploadSize="5000000" p:uploadTempDir="fileUpload/temp" > </bean>

然后写个简单的JSP页面,为了方便绑定数据,引入Spring自带的Form表单标签,引入语句

<%@taglib uri="http://www.springframework.org/tags/form" prefix="form" %>

Form表单实现一个简单的注册功能,虽然说美感不好,这里还是引用了下bootstrap做了个简单的排版。因为原版的file标签的格式无法调整,所有用了其他的小标签代替,然后用按钮去触发file标签

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%> <% String path = request.getContextPath(); String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/"; request.setAttribute("_path", path); %> <%@taglib uri="http://www.springframework.org/tags/form" prefix="form" %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <base href="<%=basePath%>"> <title>My JSP 'index.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link rel="stylesheet" type="text/css" href="styles.css"> --> <link rel="stylesheet" href="<%=basePath%>static/css/bootstrap.css"/> <script type="text/javascript" src="<%=basePath%>static/js/jquery.min.js"></script> <script type="text/javascript" src="<%=basePath%>static/js/ajaxfileupload.js"></script> <script type="text/javascript" src="<%=basePath%>static/js/bootstrap.js"></script> <script type="text/javascript" src="<%=basePath%>static/js/jquery.json-2.4.js" charset="UTF-8"></script> <script type="text/javascript"> var path = "${_path}"; $(function(){ /* 重置Form表单功能 */ $("#clean").click(function(){ document.getElementById("user").reset(); $("#userName").attr("value",""); $("#password").attr("value",""); $("#name").attr("value",""); $("#sex").attr("value",""); $("#file").attr("value",""); }); /* begin 附件上功能 */ $("#choose").click(function(){ $("#fileUpload").click(); }); $("#fileUpload").change(function(){ $("#file").attr("value",$("#fileUpload").val()); $.ajaxFileUpload({ type: "POST", url: path+"/fileUpload.do", data:{fileName:$("#fileUpload").val()},//要传到后台的参数,没有可以不写 secureuri : false,//是否启用安全提交,默认为false fileElementId:'fileUpload',//文件选择框的id属性 dataType: 'json',//服务器返回的格式 async : false, success: function(mes){ if(mes.message=="OK"){ alert("附件上传成功"); } if(mes.message=="NG"){ alert("附件上传失败"); } }, error: function (){ alert("附件上传失败"); } }); }); /* end 附件上功能 */ }); </script> </head> <body> <div class="container" style="width: 100%" > <div> </div> <div class="row"> <div class="col-lg-5 col-md-5 col-sm-5 col-xs-5"></div> <div class="col-lg-1 col-md-1 col-sm-1 col-xs-1" >注册页面</div> </div> <div> </div> <div class="row"> <form:form commandName="user" action="${_path }/register.do" method="post" enctype="multipart/form-data"> <div class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div> <div class="col-lg-1 col-md-1 col-sm-1 col-xs-1" style="text-align:right">账号:</div> <form:input path="userName" type = "text" value = "" class="input-large"/> <div> </div> <div class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div> <div class="col-lg-1 col-md-1 col-sm-1 col-xs-1" style="text-align:right">密码:</div> <form:input path="password" type = "password" class="input-large"/> <div> </div> <div class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div> <div class="col-lg-1 col-md-1 col-sm-1 col-xs-1" style="text-align:right">姓名:</div> <form:input path="name" type = "text" value = "" class="input-large"/> <div> </div> <div class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div> <div class="col-lg-1 col-md-1 col-sm-1 col-xs-1" style="text-align:right">性别:</div> <form:input path="sex" type = "text" value = "" class="input-large"/> <div> </div> <div class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div> <div class="col-lg-1 col-md-1 col-sm-1 col-xs-1" style="text-align:right">附件:</div> <input id = "fileUpload" name = "fileUpload" type = "file" style=" display: none"> <form:input type ="text" class="input-large" path= "file" /> <input id ="choose" type="button" value = "选择" class="btn btn-primary btn-xs"/> <div> </div> <div class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div> <div class="col-lg-2 col-md-2 col-sm-2 col-xs-2" style="text-align:right"> <input id = "upload" type = "submit" value = "提交" class="btn btn-default btn-sm"/> <input id ="clean" type="button" value = "清除" class="btn btn-default btn-sm"/> </div> </form:form> </div> </div> </body> </html>

后台页面控制器,因为用了SpringMVC的form表单,所以在渲染的时候模型中一定要有user这个对象,所以我们用控制器跳转页面

@RequestMapping("/Login.do") public String Login(@ModelAttribute("user") User user, Model model){ System.out.println("进入"); user.setName("小明"); user.setSex("男"); user.setUserName("叶良辰"); model.addAttribute("user", user); return "index"; }

这里为了显示SpringMVC form的自动绑定功能,我给user对象设置了值,在JSP页面,如果form:input标签由path属性和user里的属性一样,会自动设置值

附件的js代码在上面的JSP页面中已经写好了,下面是后台控制的controller,因为我们配置了multipartResolver,所以form表单是设置了enctype=”multipart/form-data,后台一样能直接取出文本值
接受文本框内容的controller

@RequestMapping("/register.do") public String register(@ModelAttribute("user") User user, Model model){ model.addAttribute("user", user); System.out.println(user); return "index"; }

附件上传的controller

@RequestMapping("/fileUpload.do") public @ResponseBody Message fileUpload(HttpServletRequest request,@RequestParam("fileUpload") MultipartFile file, @RequestParam("fileName") String fileName,@ModelAttribute("user") User user,Model model,Message mes){ //简单判断文件是否为空 if(!file.isEmpty()){ try { // 文件保存路径 String filePath = request.getSession().getServletContext().getRealPath("/") + "fileUpload/" + file.getOriginalFilename(); file.transferTo(new File(filePath)); mes.setMessage("OK"); } catch (Exception e) { mes.setMessage("NG"); e.printStackTrace(); } } user.setFile(fileName); System.out.println(fileName); model.addAttribute("user", user); System.out.println(user); return mes; }

发布于 2022-01-15 23:01:21
收藏
分享
海报
0 条评论
31
上一篇:imagej灰度分析使用步骤(imagej灰度分析结果) 下一篇:jpg图片太大压缩方法(照片压缩怎么弄)
目录

    0 条评论

    本站已关闭游客评论,请登录或者注册后再评论吧~

    忘记密码?

    图形验证码