From 33d91a42ce714964dcc36df0733c960c1930a4cc Mon Sep 17 00:00:00 2001 From: tjlygdx Date: Wed, 10 Jun 2026 11:21:27 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BB=BB=E6=84=8F=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E4=B8=8A=E4=BC=A0/=E5=86=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../io/dataease/font/manage/FontManage.java | 33 ++++++++++++++----- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/core/core-backend/src/main/java/io/dataease/font/manage/FontManage.java b/core/core-backend/src/main/java/io/dataease/font/manage/FontManage.java index 8200a6d169..bbd6704c1e 100644 --- a/core/core-backend/src/main/java/io/dataease/font/manage/FontManage.java +++ b/core/core-backend/src/main/java/io/dataease/font/manage/FontManage.java @@ -37,6 +37,7 @@ import java.util.regex.Pattern; public class FontManage { private static final Pattern SAFE_FONT_FILE_NAME = Pattern.compile("^[A-Za-z0-9._-]+\\.ttf$", Pattern.CASE_INSENSITIVE); + private static final String TTF_EXTENSION = ".ttf"; @Value("${dataease.path.font:/opt/dataease2.0/data/font/}") private String path; @@ -164,18 +165,16 @@ public class FontManage { try { String filename = file.getOriginalFilename(); FileUtils.validateUploadFilename(filename); - if (StringUtils.isEmpty(filename) || !filename.toLowerCase().endsWith(".ttf")) { + if (StringUtils.isEmpty(filename) || !filename.toLowerCase().endsWith(TTF_EXTENSION)) { DEException.throwException("非法格式的文件!"); } - String fileTransName = fileNameUUID + ".ttf"; + UploadedFont uploadedFont = validateAndReadUploadedFont(file); + String fileTransName = fileNameUUID + TTF_EXTENSION; Path filePath = resolveFontPath(fileTransName); - try (OutputStream fileOutputStream = Files.newOutputStream(filePath, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)) { - fileOutputStream.write(file.getBytes()); - fileOutputStream.flush(); - } + Files.write(filePath, uploadedFont.bytes(), StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE); fontDto.setFileTransName(fileTransName); - long length = file.getSize(); + long length = uploadedFont.bytes().length; String unit = "MB"; Double size = 0.0; if ((double) length / 1024 / 1024 > 1) { @@ -189,16 +188,29 @@ public class FontManage { unit = "KB"; size = Double.valueOf(String.format("%.2f", (double) length / 1024)); } - Font font = Font.createFont(Font.TRUETYPE_FONT, filePath.toFile()); fontDto.setSize(size); fontDto.setSizeType(unit); - fontDto.setName(font.getFontName()); + fontDto.setName(uploadedFont.font().getFontName()); } catch (Exception e) { DEException.throwException(e); } return fontDto; } + private UploadedFont validateAndReadUploadedFont(MultipartFile file) throws Exception { + byte[] fileBytes = file.getBytes(); + if (fileBytes.length == 0) { + DEException.throwException("非法格式的文件!"); + } + try (ByteArrayInputStream inputStream = new ByteArrayInputStream(fileBytes)) { + Font font = Font.createFont(Font.TRUETYPE_FONT, inputStream); + return new UploadedFont(fileBytes, font); + } catch (FontFormatException e) { + DEException.throwException("非法格式的文件!"); + return null; + } + } + private void validateUploadedFont(String fileTransName) { if (StringUtils.isEmpty(fileTransName)) { return; @@ -253,4 +265,7 @@ public class FontManage { return StringUtils.isNotBlank(fileTransName) && SAFE_FONT_FILE_NAME.matcher(fileTransName).matches(); } + private record UploadedFont(byte[] bytes, Font font) { + } + }