From 16d8b71e21dc7298b30f46bf264cd9b3589a6978 Mon Sep 17 00:00:00 2001
From: who's hu <hup_dev@outlook.com>
Date: 星期二, 22 八月 2023 17:25:19 +0800
Subject: [PATCH] update ruoyi-ui/src/permission.js. 由于重定向url存在 http://xxx.xx.xxx/{id}?param={a}&name={b} 的场景, 当未登录访问时, 通过改js封装登录后重定向参数, 会丢失?后的query params 如: 访问 http://localhost:1024/core/doc/doc?id=1683734914907807745&version=31 期望 http://localhost:1024/login?redirect=%2Fcore%2Fdoc%2Fdoc%3Fid%3D1683734914907807745%26version%3D31 实际通过 to.fullPath 封装后 获得 http://localhost:1024/login?redirect=%2Fcore%2Fdoc%2Fdoc%3Fid%3D1683734914907807745&version=31

---
 ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
index 703ce9a..23a76fe 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
@@ -12,6 +12,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.enums.HttpMethod;
 
 /**
  * 防止XSS攻击的过滤器
@@ -59,7 +60,7 @@
         String url = request.getServletPath();
         String method = request.getMethod();
         // GET DELETE 不过滤
-        if (method == null || method.matches("GET") || method.matches("DELETE"))
+        if (method == null || HttpMethod.GET.matches(method) || HttpMethod.DELETE.matches(method))
         {
             return true;
         }

--
Gitblit v1.9.2