解决教学平台上文件中存在无扩展名ＢＵＧ的办法

Jfinal中添加过滤器声明

    public void configHandler(Handlers me) 
    {
        me.add(new XssHandler());
    }
    

过滤器

package com.demo.common.config;


import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.jfinal.handler.Handler;

/**
 * 统一XSS处理
 */
public class XssHandler extends Handler
{

    @Override
    public void handle(String target, HttpServletRequest request,
                       HttpServletResponse response, boolean[] isHandled)
    {
        
        System.out.println(target);
        
        if(target.equals("/css/2222"))
        {
            String abc=target.replaceAll("/", "\\"); //这里是为什么要加４个???\\

            String path="C:\Users\Administrator\Desktop\jfinal_demo\WebRoot"+abc;
            try {
                response.setHeader("Content-Type","application/octet-stream");
                response.setHeader("content-disposition", "attachment;filename=" + 
                        URLEncoder.encode("2222", "UTF-8"));
                
                     InputStream in = null ;  
                    OutputStream out = null ;  
                    try  
                    {  
                       in = new FileInputStream(path); //获取文件的流  
                       int len = 0;  
                       byte buf[] = new byte[1024];//缓存作用  
                       out = response.getOutputStream();//输出流  
                       while( (len = in.read(buf)) > 0 ) //切忌这后面不能加 分号 ”;“  
                       {  
                           out.write(buf, 0, len);//向客户端输出，实际是把数据存放在response中，然后web服务器再去response中读取  
                       }  
                    } catch (FileNotFoundException e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                    } catch (IOException e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                    }finally  
                    {  
                        if(in!=null)  
                        {  
                          try{                
                              in.close();  
                          }catch(IOException e){  
                             e.printStackTrace();  
                           }  
                        }  
                          
                        if(out!=null)  
                        {  
                           try{  
                               out.close();  
                           }catch(IOException e){  
                               e.printStackTrace();  
                            }  
                         }  
                     }  
                
            } catch (UnsupportedEncodingException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
        //System.out.println("target -> " + target);
        // 对于非静态文件，和非指定排除的url实现过滤
        /*
        if (!target.contains(".") && !target.startsWith(exclude))
        {
            System.out.println("target -> " + target);
            request = new HttpServletRequestWrapper(request);
        }
        nextHandler.handle(target, request, response, isHandled);*/
    }
}