
Java

JSP file download

xemaker 2021. 5. 6. 11:18

<%@ page language="java" session="true" contentType="text/html; charset=euc-kr" %>
<%@ page import="java.text.SimpleDateFormat,java.util.Date" %>
<%@ page import="java.util.*,java.io.*,java.net.*"%>

<html>
<head>
<script type="text/javascript">
function callDown(){
    var file_name = document.getElementById("file_name").value;
    var targetURL = "/logDown.jsp?file_name="+file_name;
    location.href = targetURL;
}

</script>
<meta http-equiv="Content-Type" content="text/html; charset=EUC-KR">
<title></title>
</head>

<body>

파일 경로 및 이름 (윈도일 경우: C:/aa)<input id="file_name" type="text" size="50" value="/data/test.txt">
<button onclick="callDown();">Download</button>

<table>
<tr><td class="bg">Result</td></tr>
<%

    String line = "";

    String file_name = request.getParameter("file_name");

    // Vulnerability
    // Removes "../", "./", ".\", "..\", "%" and ";" from the parameter. Each
    // replace() is a single pass, and absolute paths are left unrestricted.
    if (file_name != null) {
        file_name = file_name.replace("../", "");
        file_name = file_name.replace("./", "");
        file_name = file_name.replace(".\\", "");
        file_name = file_name.replace("..\\", "");
        file_name = file_name.replace("%", "");
        file_name = file_name.replace(";", "");
    }

    System.out.println("file_name=" + file_name);

    if (file_name == null || "".equals(file_name)) {
        line = "file info is empty";
    } else {

        System.out.println("========== request.getParameter file_name : " + file_name);

        System.out.println("========== file_name : " + file_name);

        File f = new File(file_name);
        if (f.exists()) {

            int filesize = (int) f.length();
            byte buff[] = new byte[1024 * 20];
            int bytesRead;

            try {
                response.setContentType("application/x-msdownload");
                // Send only the leaf name to the browser, not the server-side path
                response.setHeader("Content-Disposition", "attachment; filename=\"" + f.getName() + "\"");
                FileInputStream fin = new java.io.FileInputStream(f);
                BufferedInputStream bis = new BufferedInputStream(fin);
                ServletOutputStream fout = response.getOutputStream();
                BufferedOutputStream bos = new BufferedOutputStream(fout);

                // Copy the file to the response in 20 KB chunks
                while ((bytesRead = bis.read(buff)) != -1) {
                    bos.write(buff, 0, bytesRead);
                }
                bos.flush();

                fin.close();
                fout.close();
                bis.close();
                bos.close();
                line = "file download success";
            } catch (IOException e) {
                response.setContentType("text/html");
                out.println("Error : " + e.getMessage());
                line = e.getMessage();
            }
        } else {
            response.setContentType("text/html");
            line = "file is not exist";
        }
    }
%>


</table>
</body>
</html>
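
An added example, not part of the original post: the filter above strips fixed substrings in a single pass and does not restrict absolute paths, so it does not confine the request to any directory. The sketch below instead resolves the name against a fixed download root and checks containment after normalization and symlink resolution; the class name, method name and the download root are assumptions, and the sample inputs are constructed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeDownloadPath {

    /**
     * Resolves a user-supplied name against base (hypothetical download root)
     * and returns the real path, or throws if it escapes base.
     */
    static Path resolve(Path base, String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file name");
        }
        Path realBase = base.toRealPath();
        // resolve() returns 'requested' unchanged when it is absolute, so the
        // startsWith() check is what rejects absolute paths as well as "..".
        Path candidate = realBase.resolve(requested).normalize();
        if (!candidate.startsWith(realBase)) {
            throw new SecurityException("path escapes base directory");
        }
        // toRealPath() follows symlinks; check again so a link placed inside
        // base cannot point outside it. Throws NoSuchFileException if missing.
        Path real = candidate.toRealPath();
        if (!real.startsWith(realBase) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file under base directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo data: a temp directory stands in for the download root.
        Path base = Files.createTempDirectory("dl-base");
        Files.write(base.resolve("app.log"), "ok\n".getBytes());
        String[] inputs = {"app.log", "sub/../app.log", "../app.log", "/data/test.txt", "missing.log"};
        for (String in : inputs) {
            try {
                // Only the leaf name would go into Content-Disposition.
                System.out.println(in + " -> serve " + resolve(base, in).getFileName());
            } catch (SecurityException | IOException e) {
                System.out.println(in + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

In the JSP, the returned path would replace `new File(file_name)`, and a rejected request would be answered with an error status instead of a file stream.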

