jsp文件上传漏洞（jsp实现excel文件上传）

在项目中，经常用到的一个功能就是文件的上传和下载，不过大多数情况下都是通用的工具类，自己写的情况较少，这里写个通过spring框架和ajaxfileupload插件实现上传的小功能，做个练习和记录。
首先配置下springmvc的配置文件，配置支持文件上传

<!-- 配置multipartresolver 用于文件上传 使用spring的commosmultipartresolver     说明：    p:defaultencoding="utf-8"：这里设置默认的文件编码为utf-8，必须与用户jsp的默认编码一致；    p:maxuploadsize="5000000"：指定文件上传大小，单位为字节；    p:uploadtempdir="fileupload/temp"：文件上传临时目录，上传完成后，就会将临时文件删除；        -->       <bean id="multipartresolver" class="org.springframework.web.multipart.commons.commonsmultipartresolver"          p:defaultencoding="utf-8"          p:maxuploadsize="5000000"          p:uploadtempdir="fileupload/temp"       >      </bean>  

然后写个简单的jsp页面，为了方便绑定数据，引入spring自带的form表单标签，引入语句

<%@taglib uri="http://www.springframework.org/tags/form" prefix="for给十年后的自己m" %> 

form表单实现一个简单的注册功能，虽然说美感不好，这里还是引用了下bootstrap做了个简单的排版。因为原版的file标签的格式无法调整，所有用了其他的小标签代替，然后用按钮去触发file标签

<%@ page language="java" import="java.util.*" pageencoding="utf-8"%><%string path = request.getcontextpath();string bapath = request.getscheme()+"://"+request.getrvername()+":"+request.getrverport()+path+"/";request.tattribute("_path", path);%><%@taglib uri="http://www.springframework.org/tags/form" prefix="form" %> <!doctype html public "-//w3c//dtd html 4.01 transitional//en"><html>  <head>    <ba href="<%=bapath%>">        <title>my jsp 'index.jsp' starting page</title>        <meta http-equiv="pragma" content="no-cache">    <meta http-equiv="cache-control" content="no-cache">    <meta http-equiv="expires" content="0">        <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">    <meta http-equiv="description" content="this is my page">    <!--    <link rel="stylesheet" type="text/css" href="styles.css">    -->    <link rel="stylesheet" href="<%=bapath%>static/css/bootstrap.css"/>    <script type="text/javascript" src="<%=bapath%>static/js/jquery.min.js"></script>    <script type="text/javascript" src="<%=bapath%>static/js/ajaxfileupload.js"></script>    <script type="text/javascript" src="<%=bapath%>static/js/bootstrap.js"></script>    <script type="text/javascript" src="<%=bapath%>static/js/jquery.json-2.4.js" chart="utf-8"></script>     <script type="text/javascript">        var path = "${_path}";        $(function(){                        /* 重置form表单功能 */            $("#clean").click(function(){                document.getelementbyid("ur").ret();                $("#urname").attr("value","");                $("#password").attr("我和陈明是好朋友续写value","");                $("#name").attr("value","");                $("#x").attr("value","");                $("#file").attr("value","");            });                        /* begin 附件上功能 */            $("#choo").click(function(){                $("#fileupload").click();            });            $("#fileupload").change(function(){                $("#file").attr("value",$("#fileupload").val());                $.ajaxfileupload({                      type: "post",                      url: path+"/fileupload.do",                      data:{filename:$("#fileupload").val()},//要传到后台的参数，没有可以不写                      cureuri : fal,//是否启用安全提交，默认为fal                      fileelementid:'fileupload',//文件选择框的id属性                      datatype: 'json',//服务器返回的格式                      async : fals招聘会流程e,                      success: function(mes){                         if(mes.message=="ok"){                           alert("附件上传成功");                       }                       if(mes.message=="ng"){                           alert("附件上传失败");                       }                    },     北方大雪                 error: function (){                          alert("附件上传失败");                    }                  });            });            /* end 附件上功能 */        });    </script>  </head>    <body>  <div class="container" style="width: 100%" >    <div> </div>    <div class="row">        <div class="col-lg-5 col-md-5 col-sm-5 col-xs-5"></div>        <div class="col-lg-1 col-md-1 col-sm-1 col-xs-1" >注册页面</div>    </div>   <div> </div>   <div class="row">        <form:form commandname="ur" action="${_path }/register.do"  method="post" enctype="multipart/form-data">            <div  class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div>            <div  class="col-lg-1 col-md-1 col-sm-1 col-xs-1" style="text-align:right">账号：</div>            <form:input path="urname" type = "text" value = "" class="input-large"/>            <div> </div>            <div  class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div>            <div  class="col-lg-1 col-md-1 col-sm-1 col-xs-1" style="text-align:right">密码：</div>            <form:input path="password" type = "password" class="input-large"/>            <div> </div>            <div  class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div>            <div  class="col-lg-1 col-md-1 col-sm-1 col-xs-1" style="text-align:right">姓名：</div>            <form:input path="name" type = "text" value = "" class="input-large"/>            <div> </div>            <div  class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div>            <div  class="col-lg-1 col-md-1 col-sm-1 col-xs-1" style="text-align:right">性别：</div>            <form:input path="x" type = "text" value = "" class="input-large"/>            <div> </div>            <div  class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div>            <div  class="col-lg-1 col-md-1 col-sm-1 col-xs-1" style="text-align:right">附件：</div>            <input id = "fileupload" name = "fileupload" type = "file"  style=" display: none">            <form:input type ="text" class="input-large" path= "file" />            <input id ="choo" type="button" value = "选择" class="btn btn-primary btn-xs"/>            <div> </div>            <div  class="col-lg-4 col-md-4 col-sm-4 col-xs-4"></div>            <div  class="col-lg-2 col-md-2 col-sm-2 col-xs-2" style="text-align:right">                <input id = "upload" type = "submit" value = "提交" class="btn btn-default btn-sm"/>                                    <input id ="clean" type="button" value = "清除" class="btn btn-default btn-sm"/>            </div>                    </form:form>    </div>  </div>  </body></html>

后台页面控制器，因为用了springmvc的form表单，所以在渲染的时候模型中一定要有ur这个对象，所以我们用控制器跳转页面

@requestmapping("/login.do")    public string login(@modelattribute("ur") ur ur, model model){        system.out.println("进入");        ur.tname("小明");        ur.tx("男");        ur.turname("叶良辰");        model.addattribute("ur", ur);                return "index";            }

这里为了显示springmvc form的自动绑定功能，我给ur对象设置了值，在jsp页面，如果form:input标签由path属性和ur里的属性一样，会自动设置值

附件的js代码在上面的jsp页面中已经写好了，下面是后台控制的controller，因为我们配置了multipartresolver，所以form表单是设置了enctype=”multipart/form-data，后台一样能直接取出文本值
接受文本框内容的controller

    @requestmapping("/register.do")    public string register(@modelattribute("ur") ur ur, model model){        model.addattribute("ur", ur);        system.out.println(ur);        return "index";            }

附件上传的controller

    @requestmapping("/fileupload.do")    public @responbody message fileupload(httprvletrequest request,@requestparam("fileupload") multipartfile file,            @requestparam("filename") string filename,@modelattribute("ur") ur ur,model model,message mes){                //简单判断文件是否为空        if(!file.impty()){                        try {                // 文件保存路径                  string filepath = request.getssion().getrvletcontext().getrealpath("/") + "fileupload/"      成都市学校安全教育平台                    + file.getoriginalfilename();                file.transferto(new file(filepath));                mes.tmessage("ok");            } catch (exception e) {                mes.tmessage("ng");                e.printstacktrace();            }        }        ur.tfile(filename);        system.out.println(filename);        model.addattribute("ur", ur);        system.out.println(ur);        return mes;            }