RuoYi
2024-03-22 86ca404dbf5f7b3500bc6bedfd07f11c25b1baed
ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
@@ -34,13 +34,13 @@
        if (values != null)
        {
            int length = values.length;
            String[] escapseValues = new String[length];
            String[] escapesValues = new String[length];
            for (int i = 0; i < length; i++)
            {
                // 防xss攻击和过滤前后空格
                escapseValues[i] = EscapeUtil.clean(values[i]).trim();
                escapesValues[i] = EscapeUtil.clean(values[i]).trim();
            }
            return escapseValues;
            return escapesValues;
        }
        return super.getParameterValues(name);
    }
@@ -63,7 +63,8 @@
        // xss过滤
        json = EscapeUtil.clean(json).trim();
        final ByteArrayInputStream bis = new ByteArrayInputStream(json.getBytes("utf-8"));
        byte[] jsonBytes = json.getBytes("utf-8");
        final ByteArrayInputStream bis = new ByteArrayInputStream(jsonBytes);
        return new ServletInputStream()
        {
            @Override
@@ -76,6 +77,12 @@
            public boolean isReady()
            {
                return true;
            }
            @Override
            public int available() throws IOException
            {
                return jsonBytes.length;
            }
            @Override
@@ -99,6 +106,6 @@
    public boolean isJsonRequest()
    {
        String header = super.getHeader(HttpHeaders.CONTENT_TYPE);
        return MediaType.APPLICATION_JSON_VALUE.equalsIgnoreCase(header);
        return StringUtils.startsWithIgnoreCase(header, MediaType.APPLICATION_JSON_VALUE);
    }
}
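Review bot: The prefix test in isJsonRequest() still decides whether the body is cleaned by matching the raw header string, so a JSON media type that does not begin with `application/json` skips the body filter. If the application's message converters also accept structured-suffix types such as `application/*+json` (Spring's Jackson converter does by default, but that configuration is not visible here), those bodies would be deserialized without passing through EscapeUtil.clean. Parsing the header is more robust than string matching: `MediaType mt = MediaType.parseMediaType(header);` then `return "json".equalsIgnoreCase(mt.getSubtype()) || "json".equalsIgnoreCase(mt.getSubtypeSuffix());`, guarded for a missing header and InvalidMediaTypeException. A comment saying this check must stay at least as broad as what the JSON converter accepts would keep the two from drifting apart. Separately, the added available() returns the full `jsonBytes.length` even after bytes have been consumed; `return bis.available();` would report what is actually left.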