From ea65ceaffe7b5e924e37c28e1c3f1e3b562ece6b Mon Sep 17 00:00:00 2001
From: wangjiahao <1522128093@qq.com>
Date: Mon, 14 Aug 2023 16:13:05 +0800
Subject: [PATCH] =?UTF-8?q?fix(=E4=BB=AA=E8=A1=A8=E6=9D=BF):=20=E4=BF=AE?=
 =?UTF-8?q?=E5=A4=8D=E9=80=9A=E8=BF=87=E9=9D=99=E6=80=81=E6=96=87=E4=BB=B6?=
 =?UTF-8?q?=E8=8E=B7=E5=8F=96=E6=8E=A5=E5=8F=A3=E5=8F=AF=E4=BB=A5=E5=A4=B8?=
 =?UTF-8?q?=E7=9B=AE=E5=BD=95=E8=AE=BF=E9=97=AE=E5=85=B6=E4=BB=96=E6=96=87?=
 =?UTF-8?q?=E4=BB=B6=E9=97=AE=E9=A2=98=20#5864?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../commons/utils/StaticResourceUtils.java         | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/backend/src/main/java/io/dataease/commons/utils/StaticResourceUtils.java b/backend/src/main/java/io/dataease/commons/utils/StaticResourceUtils.java
index bbb8e9090a..85e3c755a3 100644
--- a/backend/src/main/java/io/dataease/commons/utils/StaticResourceUtils.java
+++ b/backend/src/main/java/io/dataease/commons/utils/StaticResourceUtils.java
@@ -3,6 +3,8 @@ package io.dataease.commons.utils;
 import static io.dataease.commons.constants.StaticResourceConstants.*;
 
 import cn.hutool.core.codec.Base64Encoder;
+import io.dataease.exception.DataEaseException;
+import io.dataease.i18n.Translator;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.lang.NonNull;
 import org.springframework.util.Assert;
@@ -20,6 +22,8 @@ public class StaticResourceUtils {
 
     private final static String FILE_BASE_PATH = USER_HOME+ FILE_SEPARATOR+UPLOAD_URL_PREFIX;
 
+    private static final String FILE_NAME_REGEX_PATTERN = "^[A-Za-z0-9.-]{1,255}$";
+
     public static String ensureBoth(@NonNull String string, @NonNull String bothfix) {
         return ensureBoth(string, bothfix, bothfix);
     }
@@ -58,12 +62,22 @@ public class StaticResourceUtils {
         return StringUtils.removeEnd(string, suffix) + suffix;
     }
 
+    public static boolean validateStringFilenameUsingRegex(String filename) {
+        if (filename == null) {
+            return false;
+        }
+        return filename.matches(FILE_NAME_REGEX_PATTERN);
+    }
+
     /**
      *
      * @param imgFile  local storage path
      * @return
      */
     public static String getImgFileToBase64(String imgFile) {
+        if(!validateStringFilenameUsingRegex(imgFile)){
+            DataEaseException.throwException("Illegal File Name");
+        }
         //Convert the picture file into byte array  and encode it with Base64
         InputStream inputStream = null;
         byte[] buffer = null;