ecology_maven/weaver/file/FileUpload.java

package weaver.file;


/**
 * Title:        hpsales
 * Description:  for hp sales system
 * Copyright:    Copyright (c) 2001
 * Company:      weaver
 *
 * @author liuyu, Charoes Huang
 * @version 1.0 ,2004-6-25
 */

import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import weaver.alioss.AliOSSObjectManager;
import weaver.conn.RecordSet;
import weaver.docs.docs.DocManager;
import weaver.docs.docs.ImageFileIdUpdate;
import weaver.email.MailCommonUtils;
import weaver.email.service.MailAliOSSService;
import weaver.file.multipart.DefaultFileRenamePolicy;
import weaver.file.multipart.MultipartRequest;
import weaver.file.multipart.UploadedFile;
import weaver.file.util.FileSuffixCheckUtil;
import weaver.file.util.PicCompression;
import weaver.filter.XssUtil;
import weaver.general.BaseBean;
import weaver.general.GCONST;
import weaver.general.StaticObj;
import weaver.general.Util;
import weaver.security.util.SecurityMethodUtil;
import weaver.system.SystemComInfo;

import javax.servlet.http.HttpServletRequest;
import java.io.*;
import java.net.URLDecoder;
import java.util.*;
import java.util.List;
import java.util.zip.ZipInputStream;

public class FileUpload extends BaseBean {
	private static ImageFileIdUpdate imageFileIdUpdate = new ImageFileIdUpdate();


	private MultipartRequest mpdata = null;
	HttpServletRequest request = null;
	private String[] filenames = null;
	private InputStream source = null;
	private ArrayList filesizes = new ArrayList();
	private ArrayList imagewidth = new ArrayList();
	private ArrayList imageheight = new ArrayList();
	private ArrayList delfilerealpaths = new ArrayList();
	private int mailid;
	private boolean needimagewidth = false;
	private boolean needzip = false;
	private boolean needzipencrypt = false;
	private String isaesencrypt = "0";
	private String aescode = "";
	private String remoteAddr = "";
	private XssUtil xss = null;

	public FileUpload(HttpServletRequest request) {
		this.remoteAddr = request.getRemoteAddr();
		if (isMultipartData(request)) mpdata = getAttachment(request);
		this.request = request;
		this.xss = new XssUtil();
	}

	public FileUpload(HttpServletRequest request, String encode) {
		this.remoteAddr = request.getRemoteAddr();
		if (isMultipartData(request)) mpdata = getAttachment(request, encode);
		this.request = request;
		this.xss = new XssUtil();
	}

	public FileUpload(HttpServletRequest request, String encode, boolean iszip, String isEmail) {
		this.remoteAddr = request.getRemoteAddr();
		if (isMultipartData(request) && "1".equals(isEmail)) mpdata = getEmailAttachment(request, encode, iszip);
		this.request = request;
		this.xss = new XssUtil();
	}

	public FileUpload(HttpServletRequest request, String encode, boolean iszip) {
		this.remoteAddr = request.getRemoteAddr();
		if (isMultipartData(request)) mpdata = getAttachment(request, encode, iszip);
		this.request = request;
		this.xss = new XssUtil();
	}

	public FileUpload(HttpServletRequest request, String encode, boolean iszip, boolean isoriginal) {
		this.remoteAddr = request.getRemoteAddr();
		if (isMultipartData(request)) mpdata = getAttachment(request, encode, iszip, isoriginal);
		this.request = request;
		this.xss = new XssUtil();
	}

	//modify by mackjoe at 2005-11-28 td3282 获得request对象
	public HttpServletRequest getRequest() {
		return request;
	}

	//for license upload by chenyingjie 2003-06-26
	public FileUpload(HttpServletRequest request, boolean iszip) {
		this.remoteAddr = request.getRemoteAddr();
		if (isMultipartData(request)) mpdata = getAttachment(request, iszip);
		this.request = request;
	}

	public FileUpload(HttpServletRequest request, boolean iszip, boolean isaesencrypt) {
		this.remoteAddr = request.getRemoteAddr();
		if (isMultipartData(request)) mpdata = getAttachment(request, iszip, isaesencrypt);
		this.request = request;
	}


	//for homepage image upload by dongping 2006-8-24
	public FileUpload(HttpServletRequest request, boolean iszip, String strDirAddr) {
		this.remoteAddr = request.getRemoteAddr();
		if (isMultipartData(request)) mpdata = getAttachment(request, iszip, strDirAddr);
		this.request = request;
	}

	//html模板图片保存
	public FileUpload(HttpServletRequest request, boolean iszip, boolean encoding, String strDirAddr) {
		this.remoteAddr = Util.getIpAddr(request);
		if (isMultipartData(request)) mpdata = getAttachment(request, iszip, encoding, strDirAddr);
		this.request = request;
	}

	public Hashtable getUploadImgNames() {
		String el = "", imgpath = "", imgname = "";
		Hashtable ht = new Hashtable();
		for (Enumeration e = mpdata.getFileUploadNames(); e.hasMoreElements(); ) {
			el = (String) e.nextElement();
			if (el.indexOf("docimages_") == -1) continue;
			imgpath = Util.null2String(mpdata.getFilePath(el));
			imgname = Util.null2String(mpdata.getFileName(el));
			if (imgpath.equals("") || imgname.equals("")) continue;
			String elNumber = el.substring(el.indexOf("_") + 1, el.length());
			ht.put(elNumber, imgpath + imgname);

		}
		return ht;
	}

	public Hashtable getUploadFileNames() {
		String el = "", imgpath = "", imgname = "";
		Hashtable ht = new Hashtable();
		for (Enumeration e = mpdata.getFileUploadNames(); e.hasMoreElements(); ) {
			el = (String) e.nextElement();
			UploadedFile uploadedFile = mpdata.getUploadedFile(el);
			ht.put(el, uploadedFile);
		}
		return ht;
	}

	//modify by xhheng @20050315 for 流程附件上传
	public String getRemoteAddr() {
		return remoteAddr;
	}

	public String getParameter(String key) throws RuntimeException {
		if (!isMultipartData(request)) return Util.null2String(request.getParameter(key));
		if (mpdata == null) return "";
//        return Util.null2String(mpdata.getParameter(key)) ;

		try {
			String value = Util.null2String(mpdata.getParameter(key));
			if (!value.equals("")) {//特殊参数需要从paramsMap中获取
				if (value.startsWith(XssUtil.__RANDOM__)) {
					//xssUtil.cacheKey(Util.null2String(Thread.currentThread().hashCode()),value);
					return xss.get(value);
				}
			}
			return new String(value.getBytes("ISO8859_1"), "UTF-8");
		} catch (Exception ex) {
			return "";
		}
	}


	public String getParameter2(String key) {
		if (!isMultipartData(request)) return Util.null2String(request.getParameter(key));
		if (mpdata == null) return "";
		String value = Util.null2String(mpdata.getParameter(key));
		return value;
	}

	/**
	 * 本方法返回值不会对null进行特殊处理，如果是null则直接返回null，
	 * 如果是空字符串("")则直接返回空字符串("")。
	 *
	 * @param key
	 * @return
	 */
	public String getParameter3(String key) {
		if (!isMultipartData(request)) {
			return request.getParameter(key);
		}
		if (mpdata == null) {
			return null;
		}

		String value = mpdata.getParameter(key);
		if (value == null) {
			return null;
		}

		try {
			return new String(value.getBytes("ISO8859_1"), "UTF-8");
		} catch (Exception ex) {
			return value;
		}
	}

	public String[] getParameters(String key) {
		if (!isMultipartData(request)) return request.getParameterValues(key);
		if (mpdata == null) return null;
		String[] values = mpdata.getParameterValues(key);
		return values;
	}

	public Enumeration getParameterNames() {
		if (!isMultipartData(request)) return request.getParameterNames();
		if (mpdata == null) return null;
		return mpdata.getParameterNames();
	}

	public String[] getParameterValues(String name) {
		if (!isMultipartData(request)) return request.getParameterValues(name);
		if (mpdata == null) return null;
		String[] values = mpdata.getParameterValues(name);
		return values;
	}

	public String[] getParameterValues2(String name) {
		String[] values = null;
		if (!isMultipartData(request)) {
			values = request.getParameterValues(name);
			String[] multivalues = new String[values.length];
			try {
				for (int i = 0; i < values.length; i++) {
					multivalues[i] = new String(Util.null2String(values[i]).getBytes("ISO8859_1"), "UTF-8");
				}
			} catch (UnsupportedEncodingException e) {
				e.printStackTrace();
			}
			return multivalues;
		}
		if (mpdata == null) return null;
		values = mpdata.getParameterValues(name);
		String[] multivalues = new String[values.length];
		try {
			for (int i = 0; i < values.length; i++) {
				multivalues[i] = new String(Util.null2String(values[i]).getBytes("ISO8859_1"), "UTF-8");
			}
		} catch (UnsupportedEncodingException e) {
			e.printStackTrace();
		}
		return multivalues;
	}


	public String getFileName() {
		return this.filenames[0].replace("'", "’");
	}

	public String[] getFileNames() {
		return this.filenames;
	}

	public void setFileNames(String[] filenames) {
		this.filenames = filenames;
	}

	public int getFileSize() {
		return Util.getIntValue((String) this.filesizes.get(0));
	}

	public int[] getFileSizes() {
		int[] filesizearr = new int[filesizes.size()];
		for (int i = 0; i < filesizes.size(); i++) filesizearr[i] = Util.getIntValue((String) this.filesizes.get(i));
		return filesizearr;
	}

	public void setFileSizes(ArrayList filesizes) {
		this.filesizes = filesizes;
	}

	public int getWidth() {
		return Util.getIntValue((String) this.imagewidth.get(0));
	}

	public int getHeight() {
		return Util.getIntValue((String) this.imageheight.get(0));
	}

	public int[] getWidths() {
		int[] imagewidtharr = new int[imagewidth.size()];
		for (int i = 0; i < imagewidth.size(); i++)
			imagewidtharr[i] = Util.getIntValue((String) this.imagewidth.get(i));
		return imagewidtharr;
	}

	public int[] getHeights() {
		int[] imageheightarr = new int[imageheight.size()];
		for (int i = 0; i < imageheight.size(); i++)
			imageheightarr[i] = Util.getIntValue((String) this.imageheight.get(i));
		return imageheightarr;
	}

	public void setMailid(int mailid) {
		this.mailid = mailid;
	}

	public int getMailid() {
		return mailid;
	}

	public void needImagewidth(boolean needimagewidth) {
		this.needimagewidth = needimagewidth;
	}

	public ArrayList getDelFilerealpaths() {
		return delfilerealpaths;
	}


	public String uploadFiles(String uploadname) {
		String[] uploadnames = new String[1];
		uploadnames[0] = uploadname;
		String paramFileName = this.getParameter("name"); //获取参数当中的文件名
		//String[] filenames = uploadFiles(uploadnames) ;
		String[] filenames = uploadFiles(uploadnames, paramFileName);
		if (filenames == null || filenames.length < 1) {
			return null;
		}
		return filenames[0];
	}

	//add by liuy 20190705 start
	/* 上传文件文件名IOS系统出现错误问题修复
	 *
	 */
	public String[] uploadFiles(String[] uploadnames, String paramFileName) {
		if (mpdata == null) return null;

		int upload_numbers = uploadnames.length;
		String[] fileids = new String[upload_numbers];
		this.filenames = new String[upload_numbers];
		for (int i = 0; i < upload_numbers; i++) {
			filenames[i] = SecurityMethodUtil.textXssClean(mpdata.getOriginalFileName(uploadnames[i]));
			if (filenames[i] == null || "".equals(filenames[i])) {
				return fileids;
			}
			//满足三个条件，否则走else；
			//1 请求参数未包含文件名
			//2 有请求参数并且和上传文件流里的文件名参数一致
			//3 值不一致，但是文件流里的文件名为file，防止 IOS篡改
			if (StringUtils.isBlank(paramFileName) || paramFileName.equals(filenames[i]) || (!paramFileName.equals(filenames[i]) && !"file".equals(filenames[i]))) {
				fileids[i] = saveFile(uploadnames[i], mpdata);
			} else {
				filenames[i] = paramFileName; //修改文件名
				fileids[i] = saveFile(uploadnames[i], paramFileName, mpdata);
			}

		}
		return fileids;
	}

	public String[] uploadFiles(String[] uploadnames) {
		if (mpdata == null) return null;
		int upload_numbers = uploadnames.length;
		String[] fileids = new String[upload_numbers];
		this.filenames = new String[upload_numbers];
		for (int i = 0; i < upload_numbers; i++) {
			filenames[i] = SecurityMethodUtil.textXssClean(mpdata.getOriginalFileName(uploadnames[i]));
			if (filenames[i] != null && !filenames[i].equals("")) {
				fileids[i] = saveFile(uploadnames[i], mpdata);
			}
		}
		return fileids;
	}

	/**
	 * 处理邮件模块上传的附件存储
	 *
	 * @param uploadname
	 * @return
	 */
	public String uploadFilesToEmail(String uploadname) {
		String[] uploadnames = new String[1];
		uploadnames[0] = uploadname;
		String[] filenames = uploadFilesToEmail(uploadnames);
		return filenames[0];
	}

	/**
	 * 处理邮件模块上传的附件存储
	 *
	 * @param uploadnames
	 * @return
	 */
	public String[] uploadFilesToEmail(String[] uploadnames) {
		if (mpdata == null) return null;
		int upload_numbers = uploadnames.length;
		String[] fileids = new String[upload_numbers];
		this.filenames = new String[upload_numbers];
		for (int i = 0; i < upload_numbers; i++) {
			filenames[i] = SecurityMethodUtil.textXssClean(mpdata.getOriginalFileName(uploadnames[i]));
			if (filenames[i] != null && !filenames[i].equals("")) {
				fileids[i] = saveFileToEmail(uploadnames[i], mpdata);
			}
		}
		return fileids;
	}

	/**
	 * 保存邮件附件记录到mailresourcefile表。
	 *
	 * @param uploadname
	 * @param mpdata
	 * @return
	 */
	private synchronized String saveFileToEmail(String uploadname, MultipartRequest mpdata) {
		String imageid = "";
		String filepath = mpdata.getFilePath(uploadname);
		String filename = mpdata.getFileName(uploadname);
		String originalfilename = SecurityMethodUtil.textXssClean(mpdata.getOriginalFileName(uploadname));
		writeLog("-saveFileToEmail-filename:" + filename + "-originalfilename:" + originalfilename);
		originalfilename = StringEscapeUtils.unescapeHtml(originalfilename);
		writeLog("-saveFileToEmail-unescapeHtml-originalfilename:" + originalfilename);
		String contenttype = mpdata.getContentType(uploadname);
		long filesize = mpdata.getFileSize(uploadname);
		String filerealpath = filepath + filename;
		// WeavermailComInfo wmc = new WeavermailComInfo() ;
		String isfileattrachment = "1";// wmc.getCurrentFileAttachment() ;
		String fileContentId = "";// wmc.getCurrentFileContentId();
		String isEncoded = "";// wmc.getCurrentFilenameencode();
		String secretLevel = Util.null2s(getParameter("secretLevel"), "4");
		String secretDeadline = Util.null2s(getParameter("secretLevelValidity"), "");

		//判断实体文件是否存在，如果不存在，保存失败。
		File file = new File(filerealpath);
		if (!file.exists()) {
			writeLog("检测到实体文件不存在，附件上传失败.originalfilename=" + originalfilename + ",filerealpath=" + filerealpath);
			return imageid;
		}

		String iszip = "0";
		String isencrypt = "0";
		if (needzip) iszip = "1";
		if (needzipencrypt) isencrypt = "1";

		originalfilename = escapeSpecialCharactersForFileName(originalfilename);

		RecordSet rs = new RecordSet();
		char separator = Util.getSeparator();
		String mailFileUUID = MailCommonUtils.getRandomUUID();
		String para = "0" + separator + originalfilename + separator + contenttype + separator + filerealpath
				+ separator + iszip + separator + isencrypt + separator + isfileattrachment + separator + fileContentId
				+ separator + isEncoded + separator + String.valueOf(filesize) + separator + mailFileUUID;
		rs.executeProc("MailResourceFile_Insert", para);
		rs.executeQuery("select id from MailResourceFile where mrf_uuid = ?", mailFileUUID);
		if (rs.next()) {
			imageid = rs.getString("id");
		}

		// 更新加密信息
		rs.executeUpdate("update MailResourceFile set isaesencrypt=?, aescode=?, secretLevel=?, secretDeadline=? where id=?", isaesencrypt, aescode, secretLevel, secretDeadline, imageid);

		//处理oss存储逻辑
		MailAliOSSService mailAliOSSService = new MailAliOSSService();
		mailAliOSSService.updateFileToOSSByUUID(mailFileUUID);

		return imageid;
	}

	/**
	 * 过滤附件名称里的特殊字符，防止入库 是出现 问号?
	 *
	 * @param fileName
	 * @return
	 */
	private String escapeSpecialCharactersForFileName(String fileName) {
		fileName = Util.null2String(fileName);

		fileName = fileName.replaceAll("(\r\n|\r|\n|\n\r)", "").replaceAll("\t", ""); // 替换换行符，tab符

		//替换英文半角字符,防止半角字符展示为？问号 https://tbatm.iteye.com/blog/2196068
		byte bytes[] = {(byte) 0xC2, (byte) 0xA0};
		try {
			String UTFSpace = new String(bytes, "utf-8");
			fileName = fileName.replaceAll(UTFSpace, " ");
		} catch (UnsupportedEncodingException e) {
			e.printStackTrace();
		}
		return fileName;
	}


	/**
	 * 处理邮件模块上传的附件存储
	 *
	 * @param uploadnames
	 * @param withsave
	 * @return
	 */
	public ArrayList uploadFilesToMail(String[] uploadnames, String withsave) {
		if (mpdata == null) return null;
		int upload_numbers = uploadnames.length;
		ArrayList filecontents = new ArrayList();
		this.filenames = new String[upload_numbers];
		for (int i = 0; i < upload_numbers; i++) {
			String tempfilename = SecurityMethodUtil.textXssClean(mpdata.getOriginalFileName(uploadnames[i]));
			if (tempfilename != null && !tempfilename.equals("")) {
				filenames[i] = tempfilename;
				filecontents.add(getFileContent(uploadnames[i], mpdata, withsave));
			}
		}
		return filecontents;
	}


	private MultipartRequest getAttachment(HttpServletRequest req) {
		if (isMultipartData(req))
			try {
				DefaultFileRenamePolicy defpolicy = new DefaultFileRenamePolicy();
				SystemComInfo syscominfo = new SystemComInfo();
				String createdir = getCreateDir(syscominfo.getFilesystem());
				isaesencrypt = syscominfo.getIsaesencrypt();
				aescode = Util.getRandomString(13);
				if ((syscominfo.getNeedzip()).equals("1")) needzip = true;
				//       if( (syscominfo.getNeedzipencrypt()).equals("1") ) needzipencrypt = true ;

				return new MultipartRequest(req, createdir, req.getContentLength(), defpolicy, needzip, needzipencrypt, "", isaesencrypt, aescode);
			} catch (Exception ex) {
				writeLog(ex);
				return null;
			}
		return null;
	}

	private MultipartRequest getAttachment(HttpServletRequest req, String encoding) {
		if (isMultipartData(req))
			try {
				DefaultFileRenamePolicy defpolicy = new DefaultFileRenamePolicy();
				SystemComInfo syscominfo = new SystemComInfo();
				String createdir = getCreateDir(syscominfo.getFilesystem());
				isaesencrypt = syscominfo.getIsaesencrypt();
				aescode = Util.getRandomString(13);
				if ((syscominfo.getNeedzip()).equals("1")) needzip = true;
				//       if( (syscominfo.getNeedzipencrypt()).equals("1") ) needzipencrypt = true ;

				return new MultipartRequest(req, createdir, req.getContentLength(), defpolicy, needzip, needzipencrypt, encoding, isaesencrypt, aescode);
			} catch (Exception ex) {
				writeLog(ex);
				return null;
			}
		return null;
	}

	private MultipartRequest getEmailAttachment(HttpServletRequest req, String encoding, boolean iszip) {
		if (isMultipartData(req))
			try {
				DefaultFileRenamePolicy defpolicy = new DefaultFileRenamePolicy();
				SystemComInfo syscominfo = new SystemComInfo();

				//               String createdir = getCreateDir(syscominfo.getFilesystem()) ;
				String createdir = GCONST.getRootPath() + "filesystem" + File.separatorChar;
				createdir = getCreateDir(createdir + File.separatorChar);
				RecordSet rs = new RecordSet();
				rs.execute("select filePath from MailConfigureInfo");
				while (rs.next()) {
					String emailpath = rs.getString("filePath");
					if (!"".equals(emailpath)) {
						createdir = getCreateDir(emailpath + File.separatorChar);
					}
				}

				isaesencrypt = syscominfo.getIsaesencrypt();
				aescode = Util.getRandomString(13);
				needzip = iszip;
				//       if( (syscominfo.getNeedzipencrypt()).equals("1") ) needzipencrypt = true ;

				return new MultipartRequest(req, createdir, req.getContentLength(), defpolicy, needzip, needzipencrypt, encoding, isaesencrypt, aescode);
			} catch (Exception ex) {
				writeLog(ex);
				return null;
			}
		return null;
	}

	protected MultipartRequest getAttachment(HttpServletRequest req, String encoding, boolean iszip) {
		if (isMultipartData(req))
			try {
				DefaultFileRenamePolicy defpolicy = new DefaultFileRenamePolicy();
				SystemComInfo syscominfo = new SystemComInfo();
				String createdir = getCreateDir(syscominfo.getFilesystem());
				isaesencrypt = syscominfo.getIsaesencrypt();
				aescode = Util.getRandomString(13);
				needzip = iszip;
				//       if( (syscominfo.getNeedzipencrypt()).equals("1") ) needzipencrypt = true ;

				return new MultipartRequest(req, createdir, req.getContentLength(), defpolicy, needzip, needzipencrypt, encoding, isaesencrypt, aescode);
			} catch (Exception ex) {
				writeLog(ex);
				return null;
			}
		return null;
	}

	private MultipartRequest getAttachment(HttpServletRequest req, String encoding, boolean iszip, boolean original) {
		if (isMultipartData(req))
			try {
				DefaultFileRenamePolicy defpolicy = null;
				SystemComInfo syscominfo = new SystemComInfo();
				String createdir = getCreateDir(syscominfo.getFilesystem());
				isaesencrypt = "0";
				aescode = Util.getRandomString(13);
				needzip = false;
				if (!original) {
					isaesencrypt = syscominfo.getIsaesencrypt();
					aescode = Util.getRandomString(13);
					needzip = iszip;
				}

				//       if( (syscominfo.getNeedzipencrypt()).equals("1") ) needzipencrypt = true ;

				return new MultipartRequest(req, createdir, req.getContentLength(), defpolicy, needzip, needzipencrypt, encoding, isaesencrypt, aescode);
			} catch (Exception ex) {
				writeLog(ex);
				return null;
			}
		return null;
	}

	//for license upload by chenyingjie 2003-06-26
	private MultipartRequest getAttachment(HttpServletRequest req, boolean iszip) {
		if (isMultipartData(req))
			try {
				DefaultFileRenamePolicy defpolicy = new DefaultFileRenamePolicy();
				SystemComInfo syscominfo = new SystemComInfo();
				String createdir = getCreateDir(syscominfo.getFilesystem());
				isaesencrypt = syscominfo.getIsaesencrypt();
				aescode = Util.getRandomString(13);
				if ((syscominfo.getNeedzip()).equals("1")) needzip = true;
				//       if( (syscominfo.getNeedzipencrypt()).equals("1") ) needzipencrypt = true ;

				if (!iszip) needzip = false;
				return new MultipartRequest(req, createdir, req.getContentLength(), defpolicy, needzip, needzipencrypt, "", isaesencrypt, aescode);
			} catch (Exception ex) {
				writeLog(ex);
				return null;
			}
		return null;
	}

	private MultipartRequest getAttachment(HttpServletRequest req, boolean iszip, boolean isaesencryptBoolean) {
		if (isMultipartData(req))
			try {
				DefaultFileRenamePolicy defpolicy = new DefaultFileRenamePolicy();
				SystemComInfo syscominfo = new SystemComInfo();
				String createdir = getCreateDir(syscominfo.getFilesystem());
				if (isaesencryptBoolean) {
					isaesencrypt = syscominfo.getIsaesencrypt();
					aescode = Util.getRandomString(13);
				}
				if ((syscominfo.getNeedzip()).equals("1")) needzip = true;
				//       if( (syscominfo.getNeedzipencrypt()).equals("1") ) needzipencrypt = true ;

				if (!iszip) needzip = false;
				return new MultipartRequest(req, createdir, req.getContentLength(), defpolicy, needzip, needzipencrypt, "", isaesencrypt, aescode);
			} catch (Exception ex) {
				writeLog(ex);
				return null;
			}
		return null;
	}

	public List getFiles() {
		if (mpdata == null) return null;
		return mpdata.getFiles();
	}

	//for homepage edit by dongping 2006-08-24
	private MultipartRequest getAttachment(HttpServletRequest req, boolean iszip, String strDirAddr) {
		if (isMultipartData(req))
			try {
				DefaultFileRenamePolicy defpolicy = new DefaultFileRenamePolicy();
				SystemComInfo syscominfo = new SystemComInfo();
				//String createdir = getCreateDir(syscominfo.getFilesystem()) ;
				isaesencrypt = syscominfo.getIsaesencrypt();
				aescode = Util.getRandomString(13);
				String createdir = getCreateDir(GCONST.getRootPath() + strDirAddr);
				if ((syscominfo.getNeedzip()).equals("1")) needzip = true;
				//if( (syscominfo.getNeedzipencrypt()).equals("1") ) needzipencrypt = true ;

				if (!iszip) needzip = false;
				return new MultipartRequest(req, createdir, req.getContentLength(), defpolicy, needzip, needzipencrypt, "", isaesencrypt, aescode);
			} catch (Exception ex) {
				writeLog(ex);
				return null;
			}
		return null;
	}

	//html模板图片保存
	private MultipartRequest getAttachment(HttpServletRequest req, boolean iszip, boolean encoding, String strDirAddr) {
		if (isMultipartData(req))
			try {
				DefaultFileRenamePolicy defpolicy = new DefaultFileRenamePolicy();
				SystemComInfo syscominfo = new SystemComInfo();
				//String createdir = getCreateDir(syscominfo.getFilesystem()) ;
				isaesencrypt = syscominfo.getIsaesencrypt();
				if (!encoding) isaesencrypt = "0";
				aescode = Util.getRandomString(13);
				String createdir = getCreateDir(GCONST.getRootPath() + strDirAddr);
				if ((syscominfo.getNeedzip()).equals("1")) needzip = true;
				//if( (syscominfo.getNeedzipencrypt()).equals("1") ) needzipencrypt = true ;

				if (!iszip) needzip = false;
				return new MultipartRequest(req, createdir, req.getContentLength(), defpolicy, needzip, needzipencrypt, "", isaesencrypt, aescode);
			} catch (Exception ex) {
				writeLog(ex);
				return null;
			}
		return null;
	}

	private InputStream getFileContent(String uploadname, MultipartRequest mpdata, String withsave) {
		if (withsave.equals("1") || withsave.equals("2")) {

			String filepath = mpdata.getFilePath(uploadname);
			String filename = mpdata.getFileName(uploadname);
			String originalfilename = SecurityMethodUtil.textXssClean(mpdata.getOriginalFileName(uploadname));
			String contenttype = mpdata.getContentType(uploadname);
			long filesize = mpdata.getFileSize(uploadname);
			String filerealpath = filepath + filename;
			//WeavermailComInfo wmc = new WeavermailComInfo() ;
			String isfileattrachment = "1";//wmc.getCurrentFileAttachment() ;
			String fileContentId = "";//wmc.getCurrentFileContentId();
			String isEncoded = "";//wmc.getCurrentFilenameencode();

			String iszip = "0";
			String isencrypt = "0";
			if (needzip) iszip = "1";
			if (needzipencrypt) isencrypt = "1";

			RecordSet rs = new RecordSet();
			char separator = Util.getSeparator();

			String para = "" + mailid + separator + originalfilename + separator
					+ contenttype + separator + filerealpath + separator
					+ iszip + separator + isencrypt + separator + isfileattrachment + separator
					+ fileContentId + separator + isEncoded + separator + String.valueOf(filesize);

			rs.executeProc("MailResourceFile_Insert", para);
		} else {
			String filepath = mpdata.getFilePath(uploadname);
			String filename = mpdata.getFileName(uploadname);
			String filerealpath = filepath + filename;
			delfilerealpaths.add(filerealpath);
		}

		try {
			File thefile = mpdata.getFile(uploadname);
			if (needzip) {
				ZipInputStream zin = new ZipInputStream(new FileInputStream(thefile));
				if (zin.getNextEntry() != null) source = new BufferedInputStream(zin);
			} else source = new BufferedInputStream(new FileInputStream(thefile));
		} catch (Exception e) {
			writeLog(e);
		}

		return source;

            /* 原有的存储附件数据在数据库中的方式

            boolean isoracle = (statement.getDBType()).equals("oracle") ;

            try   {
                statement = new ConnStatement();

                File thefile = mpdata.getFile(uploadname) ;
                int fileLength = new Long(thefile.length()).intValue();
                source = new BufferedInputStream(new FileInputStream(thefile),500*1024) ;

                String sql =  "" ;

                if( isoracle) {
                    sql = "insert into MailResourceFile(mailid,filename,attachfile,filetype) values(?,?,empty_blob(),?)";
                    statement.setStatementSql(sql);
                    statement.setInt(1,mailid);
                    statement.setString(2,filename) ;
                    statement.setString(3,contenttype) ;
                    statement.executeUpdate();

                    sql = "select rownum,  attachfile from ( select attachfile from MailResourceFile order by id desc ) where rownum = 1 " ;
                    statement.setStatementSql(sql);
                    statement.executeQuery();
                    statement.next() ;
                    BLOB theblob = statement.getBlob(2) ;

                    int bytesize = theblob.getBufferSize() ;
                    byte[] buffer = new byte[bytesize] ;
                    OutputStream outstream = theblob.getBinaryOutputStream() ;
                    int length = -1 ;

                    while((length = source.read(buffer)) != -1)
                        outstream.write(buffer, 0 , length) ;
                    outstream.close() ;
                }
                else {
                    sql = "insert into MailResourceFile(mailid,filename,attachfile,filetype) values(?,?,?,?)";
                    statement.setStatementSql(sql);
                    statement.setInt(1,mailid);
                    statement.setString(2,filename) ;
                    statement.setBinaryStream(3,source,fileLength);
                    statement.setString(4,contenttype) ;
                    statement.executeUpdate();
                }

                source.close() ;
                thefile.delete() ;

                if(withsave.equals("1")) {
                    sql = "select max(id) from MailResourceFile " ;
                    statement.setStatementSql(sql);
                    statement.executeQuery();
                    statement.next() ;
                    int fileid = statement.getInt(1) ;

                    sql = "select attachfile from MailResourceFile where id = " + fileid;
                    statement.setStatementSql(sql);
                    statement.executeQuery();
                    statement.next() ;
                    byte[] imagebyte = null ;
                    if( isoracle ) imagebyte = statement.getBlobByte("attachfile") ;
                    else imagebyte = statement.getBytes("attachfile") ;
                    source = new BufferedInputStream(new ByteArrayInputStream(imagebyte),500*1024) ;
                }
                statement.close() ;


            }catch(Exception ex){}
        }
        return source ;  */
	}


	private synchronized String saveFile(String uploadname, MultipartRequest mpdata) {

		int imageid = 0;
		String filepath = mpdata.getFilePath(uploadname);
		String filename = mpdata.getFileName(uploadname);
		String originalfilename = SecurityMethodUtil.textXssClean(mpdata.getOriginalFileName(uploadname));
		String contenttype = mpdata.getContentType(uploadname);
		long filesize = mpdata.getFileSize(uploadname);

		String _imagefilename = Util.null2String(getParameter("imagefilename"));
		String __originalfilename = Util.null2String(originalfilename);
		String _extname = __originalfilename.contains(".") ? __originalfilename.substring(__originalfilename.indexOf(".")) : "";
		if (!_imagefilename.isEmpty() && ("".equals(_extname) || _imagefilename.endsWith(_extname))) {
			originalfilename = _imagefilename;
		}

		if (filesize == 0) {
			writeLog("^^^^^^^^^(文件大小为0)(" + originalfilename + ")^^^^^^^^^^^filepath=" + filepath + filename);
			return null;
		}

		String filerealpath = filepath + filename;
		int fieldId = Util.getIntValue(getParameter("fieldId"));
		int workflowId = Util.getIntValue(getParameter("workflowId"));
		/*
		 * QC675390概述：前后台增加附件上传格式控制
		 * 如果上传文件的文件名后缀不符合配置文件中的要求，则不上传
		 */
		if (!FileSuffixCheckUtil.isEnableUpload(originalfilename) || (fieldId > 0 && workflowId > 0 && !checkFileSuffix(originalfilename, fieldId, workflowId))) {
			writeLog("^^^^^^^^^(文件拦截)(" + originalfilename + ")^^^^^^^^^^^filepath=" + filepath + filename);
			File _tempFile = new File(filerealpath);
			// 如果文件存在，且是文件，删除
			if (_tempFile.exists() && _tempFile.isFile()) {
				FileSecurityUtil.deleteFile(_tempFile);
				// _tempFile.delete();
			}
			return null;
		}
		//tagtag需要压缩图片
		//System.out.println("contenttype:"+ contenttype);
		//System.out.println("filerealpath:"+ filerealpath);
		String needCompressionPic = (String) this.request.getAttribute("needCompressionPic");
		if ("1".equals(needCompressionPic) && !needzip) {
			PicCompression picCompression = new PicCompression();
			String s = picCompression.compress(filerealpath, 1280, 1024, 1);
		}


		String imagefileused = "1";
		String iszip = "0";
		String isencrypt = "0";
		if (needzip) iszip = "1";
		if (needzipencrypt) isencrypt = "1";


		RecordSet rs = new RecordSet();
		char separator = Util.getSeparator();

		//rs.executeProc("SequenceIndex_SelectFileid" , "" );
		//if( rs.next() ) imageid = Util.getIntValue(rs.getString(1));
		imageid = imageFileIdUpdate.getImageFileNewId();
		String originalfilenameflag = originalfilename;
		try {
//			if(UrlEncoderUtils.hasUrlEncoded(originalfilename)){
			//originalfilename = originalfilename.replaceAll("[%]","%25").replaceAll("[+]","%2B");
			originalfilename = URLDecoder.decode(originalfilename, "utf-8");
//			}
		} catch (Exception e) {
			originalfilename = originalfilenameflag;
			//e.printStackTrace();
		}

		String para = "" + imageid + separator + originalfilename + separator
				+ contenttype + separator + imagefileused + separator + filerealpath + separator
				+ iszip + separator + isencrypt + separator + filesize;

		rs.executeProc("ImageFile_Insert", para);
		AliOSSObjectManager aliOSSObjectManager = new AliOSSObjectManager();
		String tokenKey = aliOSSObjectManager.getTokenKeyByFileRealPath(filerealpath);
		String secretLevel = Util.null2s(getParameter("secretLevel"), DocManager.DEFAILT_SECRET_LEVEL + "");
		String secretValidity = Util.null2s(getParameter("secretLevelValidity"), "");
		String name = Util.null2s(getParameter("name"), "");
		String sql = "update imagefile set isaesencrypt=" + isaesencrypt + ", aescode='" + aescode + "',TokenKey='" + tokenKey + "',secretLevel=" + secretLevel + ",secretValidity='" + secretValidity + "' where imagefileid=" + imageid;
//        rs.writeLog("fileupload1111-----fileid:"+imageid+"---name:"+name+"--secretLevel:"+secretLevel+"--secretValidity:"+secretValidity+"--sql"+sql);
		// 更新加密信息
		rs.executeUpdate(sql);


		try {                                        // add by liuyu to get image file width and height
			if (contenttype.indexOf("image") != -1 && needimagewidth) {
				File thefile = mpdata.getFile(uploadname);
				long fileLength = thefile.length();
				filesizes.add("" + fileLength);

				if (needzip) {
					ZipInputStream zin = new ZipInputStream(new FileInputStream(thefile));
					if (zin.getNextEntry() != null) source = new BufferedInputStream(zin);
				} else source = new BufferedInputStream(new FileInputStream(thefile));

				if (isaesencrypt.equals("1")) {
					source = AESCoder.decrypt(source, aescode);
				}
				//byte[] imagebyte = new byte[64*1024] ;
				//StringBuffer buf = new StringBuffer();
				//while (source.read(imagebyte, 0, imagebyte.length) != -1) buf.append(imagebyte);
				//ByteArraySeekableStream bs =  new ByteArraySeekableStream((buf.toString()).getBytes()) ;
				//RenderedOp bimage = JAI.create("stream", bs);
				//imagewidth.add(""+bimage.getWidth()) ;
				//imageheight.add(""+bimage.getHeight()) ;


				ImageInfo ii = new ImageInfo();
				ii.setInput(source);
				if (!ii.check()) {
					imagewidth.add("0");
					imageheight.add("0");
				} else {
					imagewidth.add("" + ii.getWidth());
					imageheight.add("" + ii.getHeight());
				}
			} else {
				imagewidth.add("0");
				imageheight.add("0");
				filesizes.add("0");
			}
		} catch (Exception imgex) {
			imagewidth.add("0");
			imageheight.add("0");
			filesizes.add("0");
		}

		return imageid + "";

        /* 原有的存储附件数据在数据库中的方式

        try {
          File thefile = mpdata.getFile(uploadname) ;
          int fileLength = new Long(thefile.length()).intValue();
          source = new BufferedInputStream(new FileInputStream(thefile),500*1024) ;

          filesizes.add(""+fileLength) ;

          statement = new ConnStatement();
          boolean isoracle = (statement.getDBType()).equals("oracle") ;

          String sql = "select currentid from SequenceIndex where indexdesc='imagefileid'";
          statement.setStatementSql(sql);
          statement.executeQuery();

          if(statement.next()){
              imageid = statement.getInt("currentid");
          }

          sql = "update SequenceIndex set currentid=? where indexdesc='imagefileid'";
          statement.setStatementSql(sql);
          statement.setInt(1,imageid+1);
          statement.executeUpdate();

          if( isoracle) {
              sql = "insert into ImageFile values(?,?,?,empty_blob(),?)";
              statement.setStatementSql(sql);
              statement.setInt(1,imageid);
              statement.setString(2,filename) ;
              statement.setString(3,contenttype) ;
              statement.setInt(4,1);
              statement.executeUpdate();

              sql = "select imagefile from ImageFile where imagefileid = " + imageid ;
              statement.setStatementSql(sql);
              statement.executeQuery();
              statement.next() ;
              BLOB theblob = statement.getBlob(1) ;

              int bytesize = theblob.getBufferSize() ;
              byte[] buffer = new byte[bytesize] ;
              OutputStream outstream = theblob.getBinaryOutputStream() ;
              int length = -1 ;

              while((length = source.read(buffer)) != -1)
                outstream.write(buffer, 0 , length) ;
              outstream.close() ;
          }
          else {
              sql = "insert into ImageFile values(?,?,?,?,?)";
              statement.setStatementSql(sql);
              statement.setInt(1,imageid);
              statement.setString(2,filename) ;
              statement.setString(3,contenttype) ;
              statement.setBinaryStream(4,source,fileLength);
              statement.setInt(5,1);
              statement.executeUpdate();
          }

          source.close();
          thefile.delete() ;

          try   {                                        // add by liuyu to get image file width and height
              if(contenttype.indexOf("image") != -1 && needimagewidth)  {
                  sql = "select imagefile from ImageFile where imagefileid = "+imageid;
                  statement.setStatementSql(sql);
                  statement.executeQuery();
                  statement.next() ;
                  byte[] imagebyte = null ;
                  if( isoracle ) imagebyte = statement.getBlobByte("imagefile") ;
                  else imagebyte = statement.getBytes("imagefile") ;
                  ByteArraySeekableStream bs =  new ByteArraySeekableStream(imagebyte) ;
                  RenderedOp bimage = JAI.create("stream", bs);
                  imagewidth.add(""+bimage.getWidth()) ;
                  imageheight.add(""+bimage.getHeight()) ;
              }
              else {
                  imagewidth.add("0") ;
                  imageheight.add("0") ;
              }
          }
          catch (Exception imgex) {
              imagewidth.add("0") ;
              imageheight.add("0") ;
          }

          statement.close() ;
        }
        catch (Exception ex) { writeLog(ex); }

        return imageid+""; */
	}

	private synchronized String saveFile(String uploadname, String paramFileName, MultipartRequest mpdata) {

		int imageid = 0;
		String filepath = mpdata.getFilePath(uploadname);
		String filename = mpdata.getFileName(uploadname);
		String originalfilename = paramFileName;
		String contenttype = mpdata.getContentType(uploadname);
		long filesize = mpdata.getFileSize(uploadname);

		String _imagefilename = Util.null2String(getParameter("imagefilename"));
		String __originalfilename = Util.null2String(originalfilename);
		String _extname = __originalfilename.contains(".") ? __originalfilename.substring(__originalfilename.indexOf(".")) : "";
		if (!_imagefilename.isEmpty() && ("".equals(_extname) || _imagefilename.endsWith(_extname))) {
			originalfilename = _imagefilename;
		}
		if (filesize == 0) {
			writeLog("^^^^^^^^^(文件大小为0)(" + originalfilename + ")^^^^^^^^^^^filepath=" + filepath + filename);
			return null;
		}

		String filerealpath = filepath + filename;

		//tagtag需要压缩图片
		//System.out.println("contenttype:"+ contenttype);
		//System.out.println("filerealpath:"+ filerealpath);
		String needCompressionPic = (String) this.request.getAttribute("needCompressionPic");
		if ("1".equals(needCompressionPic) && !needzip) {
			PicCompression picCompression = new PicCompression();
			String s = picCompression.compress(filerealpath, 1280, 1024, 1);
		}


		String imagefileused = "1";
		String iszip = "0";
		String isencrypt = "0";
		if (needzip) iszip = "1";
		if (needzipencrypt) isencrypt = "1";


		RecordSet rs = new RecordSet();
		char separator = Util.getSeparator();

		//rs.executeProc("SequenceIndex_SelectFileid" , "" );
		//if( rs.next() ) imageid = Util.getIntValue(rs.getString(1));
		imageid = imageFileIdUpdate.getImageFileNewId();
		String originalfilenameflag = originalfilename;
		try {
//			if(UrlEncoderUtils.hasUrlEncoded(originalfilename)){
			//originalfilename = originalfilename.replaceAll("[%]","%25").replaceAll("[+]","%2B");
			originalfilename = URLDecoder.decode(originalfilename, "utf-8");
//			}
		} catch (Exception e) {
			originalfilename = originalfilenameflag;
			//e.printStackTrace();
		}
		String para = "" + imageid + separator + originalfilename + separator
				+ contenttype + separator + imagefileused + separator + filerealpath + separator
				+ iszip + separator + isencrypt + separator + filesize;

		rs.executeProc("ImageFile_Insert", para);
		AliOSSObjectManager aliOSSObjectManager = new AliOSSObjectManager();
		String tokenKey = aliOSSObjectManager.getTokenKeyByFileRealPath(filerealpath);
		String secretLevel = Util.null2s(getParameter("secretLevel"), DocManager.DEFAILT_SECRET_LEVEL + "");
		String secretValidity = Util.null2s(getParameter("secretLevelValidity"), "");
		String name = Util.null2s(getParameter("name"), "");

		String sql = "update imagefile set isaesencrypt=" + isaesencrypt + ", aescode='" + aescode + "',TokenKey='" + tokenKey + "',secretLevel=" + secretLevel + ",secretValidity='" + secretValidity + "' where imagefileid=" + imageid;
//        rs.writeLog("fileupload2222-----fileid:"+imageid+"---name:"+name+"--secretLevel:"+secretLevel+"--secretValidity:"+secretValidity+"--sql:"+sql);
		// 更新加密信息
		rs.executeUpdate(sql);

		aliOSSObjectManager.uploadFile(filerealpath, originalfilename, iszip, isaesencrypt, aescode);

		try {                                        // add by liuyu to get image file width and height
			if (contenttype.indexOf("image") != -1 && needimagewidth) {
				File thefile = mpdata.getFile(uploadname);
				long fileLength = thefile.length();
				filesizes.add("" + fileLength);

				if (needzip) {
					ZipInputStream zin = new ZipInputStream(new FileInputStream(thefile));
					if (zin.getNextEntry() != null) source = new BufferedInputStream(zin);
				} else source = new BufferedInputStream(new FileInputStream(thefile));

				if (isaesencrypt.equals("1")) {
					source = AESCoder.decrypt(source, aescode);
				}
				//byte[] imagebyte = new byte[64*1024] ;
				//StringBuffer buf = new StringBuffer();
				//while (source.read(imagebyte, 0, imagebyte.length) != -1) buf.append(imagebyte);
				//ByteArraySeekableStream bs =  new ByteArraySeekableStream((buf.toString()).getBytes()) ;
				//RenderedOp bimage = JAI.create("stream", bs);
				//imagewidth.add(""+bimage.getWidth()) ;
				//imageheight.add(""+bimage.getHeight()) ;


				ImageInfo ii = new ImageInfo();
				ii.setInput(source);
				if (!ii.check()) {
					imagewidth.add("0");
					imageheight.add("0");
				} else {
					imagewidth.add("" + ii.getWidth());
					imageheight.add("" + ii.getHeight());
				}
			} else {
				imagewidth.add("0");
				imageheight.add("0");
				filesizes.add("0");
			}
		} catch (Exception imgex) {
			imagewidth.add("0");
			imageheight.add("0");
			filesizes.add("0");
		}

		return imageid + "";
	}


	private boolean isMultipartData(HttpServletRequest req) {
		return Util.null2String(req.getContentType()).toLowerCase().startsWith("multipart/form-data");
	}


	public static String getCreateDir(String createdir) {

		if (createdir == null) {
			StaticObj staticObj = StaticObj.getInstance();
			staticObj.removeObject("SystemInfo");
			SystemComInfo syscominfo = new SystemComInfo();
			createdir = syscominfo.getFilesystem();
		}


		if (createdir == null || createdir.equals("")) createdir = GCONST.getSysFilePath();
		else {
			createdir = Util.StringReplace(createdir, "\\", "#$^123");
			createdir = Util.StringReplace(createdir, "/", "#$^123");
			createdir = Util.StringReplace(createdir, "#$^123", File.separator);
			//if( createdir.lastIndexOf(File.separator) < 0 ) createdir += File.separator ;

			if (!createdir.endsWith(File.separator)) {
				createdir += File.separator;
			}
		}

		Calendar today = Calendar.getInstance();
		String currentyear = Util.add0(today.get(Calendar.YEAR), 4);
		String currentmonth = Util.add0(today.get(Calendar.MONTH) + 1, 2);

		Random random = new Random();
		int randomint = 1 + random.nextInt(26);
		String charstr = Util.getCharString(randomint);

		createdir += currentyear + currentmonth + File.separatorChar + charstr + File.separatorChar;
		String ostype = System.getProperty("os.arch");
		String osname = System.getProperty("os.name").toLowerCase();
		//if (!ostype.equals("x86")&&!ostype.equals("amd64")) {
		if (!osname.startsWith("windows")) {
			try {
				if (!createdir.substring(0, 1).equals(File.separator)) {
					new BaseBean().writeLog("WRAN................File path=[" + createdir + "]   os=[" + ostype + "]");
					createdir = File.separator + createdir;
					new BaseBean().writeLog("WRAN................Changed path=[" + createdir + "]   os=[" + ostype + "]");
				}
			} catch (Exception e) {
			}
		}
		return createdir;
	}

	//获取文件的原始名称
	public String getFileOriginalFileName(String uploadame) {
		return SecurityMethodUtil.textXssClean(mpdata.getOriginalFileName(uploadame));
	}

	//根据文件名获取文件
	public File getFile(String filename) {
		return mpdata.getFile(filename);
	}

	/**
	 * 根据参数名判断文件是否可以上传, 查询参数名为file对应的文件的后缀
	 *
	 * @return
	 */
	public boolean canUploadCheckBySecid() {
		return canUploadCheckBySecid("file");
	}

	/**
	 * 根据 uplaodfilename 查找指定的物理文件的文件名，判断文件是否可以上传
	 *
	 * @param uplaodfilename
	 * @return
	 */
	public boolean canUploadCheckBySecid(String uplaodfilename) {
		int secid = Util.getIntValue(this.getParameter("secid"), -1);

		String paramFileName = this.getFileOriginalFileName(uplaodfilename); //获取参数当中的文件名
		if (secid <= 0) {
			return FileSuffixCheckUtil.isEnableUpload(paramFileName);
		} else {
			return FileSuffixCheckUtil.isEnableUploadBySecId(secid, paramFileName);
		}
	}


	/**
	 * @param fileName   文件名
	 * @param fieldId    附件字段id
	 * @param workflowId 流程id
	 * @return 文件上传后端校验是否通过
	 */
	public boolean checkFileSuffix(String fileName, int fieldId, int workflowId) {
		RecordSet rs1 = new RecordSet();
		//查询单个字段设置
		String sql1 = "select limittype,limitvalue from workflow_fileupload where fieldid = " + fieldId + " and workflowid =" + workflowId;
		//查询默认设置
		String sql2 = "select limitvalue from workflow_base where id = " + workflowId;
		//查询新表单
		String sql3 = "select FIELDHTMLTYPE,TYPE from workflow_billfield where id = " + fieldId;
		//查询老表单主表
		String sql4 = "select fieldhtmltype,type from workflow_formdict where id = " + fieldId;
		//查询老表单明细表
		String sql5 = "select fieldhtmltype,type from workflow_formdictdetail where id = " + fieldId;

		String limitType = "";//单个字段设置类型
		String limitValueField = "";//单个字段设置限制格式
		String limitValueDefult = "";//默认限制格式
		String fileNameSuffix = FileSuffixCheckUtil.getFileNameSuffix(fileName);//上传的文件名后缀

		rs1.executeQuery(sql1);
		while (rs1.next()) {
			limitType = Util.null2String(rs1.getString("limittype"));
			limitValueField = Util.null2String(rs1.getString("limitvalue"));
		}
		rs1.execute(sql2);
		while (rs1.next()) {
			limitValueDefult = Util.null2String(rs1.getString("limitvalue"));
		}

		//新表单
		String fieldHtmlTypeNew = "";//新表单字段大类型
		String typeNew = "";//新表单字段小类型
		rs1.executeQuery(sql3);
		while (rs1.next()) {
			fieldHtmlTypeNew = Util.null2String(rs1.getString(1));
			typeNew = Util.null2String(rs1.getString(2));
		}
		//校验新表单字段是否为图片，如果是图片，则不校验，直接放行
		if ("6".equals(fieldHtmlTypeNew) && "2".equals(typeNew)) {
			return true;
		}


		//老表单主表
		String fieldHtmlTypeOld = "";//老表单字段大类型
		String typeOld = "";//老表单字段小类型
		rs1.execute(sql4);
		while (rs1.next()) {
			fieldHtmlTypeOld = Util.null2String(rs1.getString(1));
			typeOld = Util.null2String(rs1.getString(2));
		}
		//校验老表单字段是否为图片，如果是图片，则不校验，直接放行
		if ("6".equals(fieldHtmlTypeOld) && "2".equals(typeOld)) {
			return true;
		}

		//老表单明细表
		String fieldHtmlTypeDetailOld = "";//老表单明细字段大类型
		String typeDetailOld = "";//老表单明细字段小类型
		rs1.execute(sql5);
		while (rs1.next()) {
			fieldHtmlTypeDetailOld = Util.null2String(rs1.getString(1));
			typeDetailOld = Util.null2String(rs1.getString(2));
		}
		//校验老表单字段是否为图片，如果是图片，则不校验，直接放行
		if ("6".equals(fieldHtmlTypeDetailOld) && "2".equals(typeDetailOld)) {
			return true;
		}

		//如果默认和字段都没有设置格式限制，或者字段选择了格式显示，但是格式限制为空，则直接允许提交
		if (("".equals(limitValueField) && "".equals(limitValueDefult)) || ("1".equals(limitType) && "".equals(limitValueField))) {
			return true;
		}

		//先校验单个字段，如果单个字段没有设置格式校验，则校验默认的格式设置
		if ("1".equals(limitType)) {
			String[] formats = limitValueField.split(",");
			return Util.contains(formats, fileNameSuffix);
		}
		if ("0".equals(limitType)) {
			String[] restrictedFormat = limitValueDefult.split(",");
			return Util.contains(restrictedFormat, fileNameSuffix);
		}

		return false;
	}

}