티스토리 뷰
<%@ page import="java.util.*, java.io.*, java.net.*"%>
<script type="text/javascript">
function callDown(){
var file_name=document.getElementById("file_name").value;
var targetURL="/aa/adminLogDown?file_name="+file_name;
location.href=targetURL;
}
<input id="file_name" type="text" size="50">
<button onclick="callDown();">Download</button>
<%
String line="";
String file_name=(String) request.getParameter("file_name");
//취약점 대응(윈도우 경로는 C:/aa/aa)
if(file_name!=null){
file_name=file_name.replace("../","");
file_name=file_name.replace("./","");
file_name=file_name.replace(".\\","");
file_name=file_name.replace("..\\","");
file_name=file_name.replace("%","");
file_name=file_name.replace(";","");
}
File f =new File(file_name);
if(f.exists()){
byte buff[] = new byte[1024*20];
int bytesRead;
try{
response.setContentType("application/x-donwload");
response.setHeader("Content-Disposition","attachment; filename="+file_name);
FileInputStream fin=new java.io.FileInputStream(f);
BufferedInputStream bis=new BufferedInputStream(fin);
ServletOutputStream fout=response.getOutputStream();
BufferedOutputStream bos=new BufferedOutputStream(fout);
while((bytesRead=bis.read(buff))!=-1){
bos.write(buff,0,bytesRead);
}
bos.flush();
fin.close();
fout.close();
bis.close();
bos.close();
}catch(IOException e){
response.setContentType("text/html");
out.println("Error:"+e.getMessage());
line=e.getMessage();
}
}else{
response.setContentType("text/html");
line="file is not exist";
}
}
%>
<%=line%>
<script type="text/javascript">
function callDown(){
var file_name=document.getElementById("file_name").value;
var targetURL="/aa/adminLogDown?file_name="+file_name;
location.href=targetURL;
}
<input id="file_name" type="text" size="50">
<button onclick="callDown();">Download</button>
<%
String line="";
String file_name=(String) request.getParameter("file_name");
//취약점 대응(윈도우 경로는 C:/aa/aa)
if(file_name!=null){
file_name=file_name.replace("../","");
file_name=file_name.replace("./","");
file_name=file_name.replace(".\\","");
file_name=file_name.replace("..\\","");
file_name=file_name.replace("%","");
file_name=file_name.replace(";","");
}
File f =new File(file_name);
if(f.exists()){
byte buff[] = new byte[1024*20];
int bytesRead;
try{
response.setContentType("application/x-donwload");
response.setHeader("Content-Disposition","attachment; filename="+file_name);
FileInputStream fin=new java.io.FileInputStream(f);
BufferedInputStream bis=new BufferedInputStream(fin);
ServletOutputStream fout=response.getOutputStream();
BufferedOutputStream bos=new BufferedOutputStream(fout);
while((bytesRead=bis.read(buff))!=-1){
bos.write(buff,0,bytesRead);
}
bos.flush();
fin.close();
fout.close();
bis.close();
bos.close();
}catch(IOException e){
response.setContentType("text/html");
out.println("Error:"+e.getMessage());
line=e.getMessage();
}
}else{
response.setContentType("text/html");
line="file is not exist";
}
}
%>
<%=line%>
'자바(Java)' 카테고리의 다른 글
| 자바 리눅스 쉘 실행 (0) | 2020.01.22 |
|---|---|
| [JAVA] 자바 rmi(remote method invocation) 샘플 예제 코드 (3) | 2020.01.17 |
| 자바 aes 암호화 복호화 예제 (0) | 2019.12.09 |
| 톰캣 로그 설정 [WAS] Tomcat 로그 설정(무분별하게 커지는 catalina.out 용량 설정하기) (0) | 2019.12.04 |
| [Java] 암호화를 위한 Cipher 클래스 (Java로 AES, RSA 암호화, 복호화) (0) | 2019.11.26 |
댓글
공지사항
최근에 올라온 글
최근에 달린 댓글
- Total
- Today
- Yesterday
링크
TAG
- C
- 자바 셀레니움
- webix
- ocjap
- 문자열
- 이클립스
- xe addon
- php
- ocajp
- 자바 smtp
- 자바
- esql
- 오라클
- 파싱
- proc
- xe애드온
- 스크래핑
- 파이썬
- XE3
- KG
- ocpjp
- MySQL
- XE
- 프로씨
- C언어
- Python
- EC
- 인포믹스
- JDBC
- 포인터
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 |
글 보관함