manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

禁用UEditor图片抓取器,对CMS模版查看的地址进行限定

Browse Source
This commit is contained in:
thinkgem
2025-07-08 00:18:52 +08:00
parent b522b3ff1e
commit 1c5e49b081
2 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
modules/cms/src/main/java/com/jeesite/modules/cms/utils/FileTempleteUtils.java
View File

@@ -4,16 +4,16 @@
*/ */
package com.jeesite.modules.cms.utils; package com.jeesite.modules.cms.utils;
import java.io.IOException;
import java.util.List;
import java.util.Set;
import org.springframework.core.io.Resource;
import com.jeesite.common.collect.ListUtils; import com.jeesite.common.collect.ListUtils;
import com.jeesite.common.collect.SetUtils; import com.jeesite.common.collect.SetUtils;
import com.jeesite.common.io.ResourceUtils; import com.jeesite.common.io.ResourceUtils;
import com.jeesite.common.lang.StringUtils;
import com.jeesite.modules.cms.entity.FileTemplete; import com.jeesite.modules.cms.entity.FileTemplete;
import org.springframework.core.io.Resource;
import java.io.IOException;
import java.util.List;
import java.util.Set;
/** /**
* 模板文件公共类库 * 模板文件公共类库
@@ -26,7 +26,10 @@ public class FileTempleteUtils {
* 获取模版文件 * 获取模版文件
* @param fileName * @param fileName
*/ */
public static FileTemplete getFileTempleteByResource(String fileName) throws IOException { public static FileTemplete getFileTempleteByResource(String fileName) {
if (!StringUtils.startsWith(fileName, "views/modules/cmsfront")) {
fileName = "views/modules/cmsfront/themes/default/index.html";
}
Resource resource = ResourceUtils.getResource(fileName); Resource resource = ResourceUtils.getResource(fileName);
return new FileTemplete(resource, fileName); return new FileTemplete(resource, fileName);
} }

16
modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java
View File

@@ -6,7 +6,6 @@ import com.jeesite.common.ueditor.define.AppInfo;
import com.jeesite.common.ueditor.define.BaseState; import com.jeesite.common.ueditor.define.BaseState;
import com.jeesite.common.ueditor.define.State; import com.jeesite.common.ueditor.define.State;
import com.jeesite.common.ueditor.hunter.FileManager; import com.jeesite.common.ueditor.hunter.FileManager;
import com.jeesite.common.ueditor.hunter.ImageHunter;
import com.jeesite.common.ueditor.upload.Uploader; import com.jeesite.common.ueditor.upload.Uploader;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
@@ -72,13 +71,14 @@ public class ActionEnter {
state = new Uploader(request, conf).doExec(); state = new Uploader(request, conf).doExec();
break; break;
case ActionMap.CATCH_IMAGE: case ActionMap.CATCH_IMAGE:
if (Global.isDemoMode()) { // if (Global.isDemoMode()) {
state = new BaseState(false, "演示模式,不允许操作!"); // state = new BaseState(false, "演示模式,不允许操作!");
break; // break;
} // }
conf = configManager.getConfig(actionCode); // conf = configManager.getConfig(actionCode);
String[] list = this.request.getParameterValues((String) conf.get("fieldName")); // String[] list = this.request.getParameterValues((String) conf.get("fieldName"));
state = new ImageHunter(request, conf).capture(list); // state = new ImageHunter(request, conf).capture(list);
state = new BaseState(false, "该功能暂不提供支持");
break; break;
case ActionMap.LIST_IMAGE: case ActionMap.LIST_IMAGE:
case ActionMap.LIST_FILE: case ActionMap.LIST_FILE: