downlog.jsp
4.02 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
<%@ page language="java"%><%@ page import="javax.servlet.*" %><%@ page import="javax.servlet.http.*" %><%@ page import="java.util.Properties" %><%@ page import="java.io.*" %><%@ page import="java.text.*" %><%@ page import="java.util.*" %><%@ page import="java.net.*" %><%@ page import="java.util.zip.*" %><%@ page import="java.math.*" %><%@ page import="java.nio.charset.Charset" %><%@ page import="org.apache.commons.httpclient.HttpClient" %><%@ page import="org.apache.commons.httpclient.methods.GetMethod" %><%@ page import="java.util.regex.*" %><%
String logName = request.getParameter("logName");
String otherIp = request.getParameter("otherIp");
weaver.hrm.User user = (weaver.hrm.User)request.getSession(true).getAttribute("weaver_user@bean");
String ip = getIpAddress(request);
if(user==null && !(ip!=null && innerIP(ip))){
return ;
}
if(otherIp!=null){
otherIp = otherIp.replace("-",":");
downotherlog(logName,otherIp,response);
}else{
deal(request,response);
}
%><%!
public static boolean innerIP(String ip) {
String pattern = "((192\\.168|172\\.([1][6-9]|[2]\\d|3[01]))"
+ "(\\.([2][0-4]\\d|[2][5][0-5]|[01]?\\d?\\d)){2}|"
+ "^(\\D)*10(\\.([2][0-4]\\d|[2][5][0-5]|[01]?\\d?\\d)){3})";
Pattern reg = Pattern.compile(pattern);
Matcher match = reg.matcher(ip);
return match.find()||ip.equals("127.0.0.1");
}
public String getIpAddress(HttpServletRequest request) {
String ip = request.getHeader("x-forwarded-for");
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
if (ip.contains(",")) {
return ip.split(",")[0];
} else {
return ip;
}
}
private void deal(HttpServletRequest request,HttpServletResponse response){
response.reset();
String logName = request.getParameter("logName");
if(!logName.endsWith(".zip") || logName.indexOf("/")!=-1 || logName.indexOf("\\")!=-1 || logName.indexOf("..")!=-1){
return ;
}
FileInputStream in = null;
OutputStream outs = null;
try{
response.setContentType("application/octet-stream");
response.setHeader("content-disposition", "attachment;filename="+logName);
response.setCharacterEncoding("ISO8859-1");
String ecologyPathtmp = request.getRealPath("/");
if(!ecologyPathtmp.endsWith(File.separator)){
ecologyPathtmp=ecologyPathtmp+File.separator;
}
if(logName.indexOf("..")!=-1 || logName.indexOf("\0")!=-1){
return ;
}
in = new FileInputStream(ecologyPathtmp+"getlog"+File.separator+"log"+File.separator+logName);
outs = response.getOutputStream();
outs.flush();
byte buffer[] = new byte[1024];
int len = 0;
while((len=in.read(buffer))>0){
outs.write(buffer, 0, len);
}
}catch(Exception e){
e.printStackTrace();
}
finally{
try{
if(in!=null){
in.close();
}
if(outs!=null){
outs.flush();
outs.close();
}
}catch(Exception e){}
}
}
private void downotherlog(String logName,String otherIp,HttpServletResponse response){
response.reset();
InputStream in = null;
OutputStream outs = null;
try{
response.setContentType("application/octet-stream");
response.setHeader("content-disposition", "attachment;filename="+logName);
response.setCharacterEncoding("ISO8859-1");
HttpClient client = new HttpClient();
GetMethod httpget = new GetMethod("http://"+otherIp+"/getlog/downlog.jsp?logName="+logName);
client.executeMethod(httpget);
in = httpget.getResponseBodyAsStream();
outs = response.getOutputStream();
outs.flush();
byte buffer[] = new byte[1024];
int len = 0;
while((len=in.read(buffer))>0){
outs.write(buffer, 0, len);
}
}catch(Exception e){
e.printStackTrace();
}
finally{
try{
if(in!=null){
in.close();
}
if(outs!=null){
outs.flush();
outs.close();
}
}catch(Exception e){}
}
}
%>