From ac001486e592f978730d15ebbb23881d51728274 Mon Sep 17 00:00:00 2001
From: bai <1643359946@qq.com>
Date: Tue, 11 Jun 2024 20:32:00 +0800
Subject: [PATCH] =?UTF-8?q?2024=E5=B9=B46=E6=9C=8811=E6=97=A5=20=E5=A2=9E?=
 =?UTF-8?q?=E5=8A=A0=E6=96=87=E4=BB=B6=E5=90=8D=E7=A7=B0=E8=BF=87=E6=BB=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/main/java/org/jeecg/common/util/SFTPUtil.java          | 3 ++-
 .../org/jeecg/modules/system/controller/CommonController.java  | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SFTPUtil.java b/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SFTPUtil.java
index 2451596f..b11ee776 100644
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SFTPUtil.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SFTPUtil.java
@@ -2,6 +2,7 @@ package org.jeecg.common.util;
 
 import com.jcraft.jsch.*;
 import org.jeecg.common.constant.SymbolConstant;
+import org.jeecg.common.util.filter.StrAttackFilter;
 import org.jeecg.common.util.text.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -191,7 +192,7 @@ public class SFTPUtil {
             }
             String fileName = null;
             // 获取文件名
-            String orgName = file.getOriginalFilename();
+            String orgName = StrAttackFilter.filter(file.getOriginalFilename());
             orgName = CommonUtils.getFileName(orgName);
             if(orgName.indexOf(SymbolConstant.SPOT)!=-1){
                 fileName = orgName.substring(0, orgName.lastIndexOf(".")) + "_" + System.currentTimeMillis() + orgName.substring(orgName.lastIndexOf("."));
diff --git a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java
index f6c302f9..521095a7 100644
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java
@@ -15,6 +15,7 @@ import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.util.*;
 import org.jeecg.common.util.filter.FileTypeFilter;
+import org.jeecg.common.util.filter.StrAttackFilter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -183,7 +184,7 @@ public class CommonController {
             }
             // 获取文件名
             if(fileName == null){
-                String orgName = mf.getOriginalFilename();
+                String orgName = StrAttackFilter.filter(mf.getOriginalFilename());
                 if (orgName != null) {
                     orgName = CommonUtils.getFileName(orgName);
                     if(orgName.contains(SymbolConstant.SPOT)){