From 8007b22b8569dc8036df95adb58f6ca53c8eb04c Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期四, 27 一月 2022 12:04:40 +0800
Subject: [PATCH] 导出Excel时屏蔽公式，防止CSV注入风险

---
 ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
index c0ab6e5..3407f80 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
@@ -63,7 +63,8 @@
 
         // xss过滤
         json = EscapeUtil.clean(json).trim();
-        final ByteArrayInputStream bis = new ByteArrayInputStream(json.getBytes("utf-8"));
+        byte[] jsonBytes = json.getBytes("utf-8");
+        final ByteArrayInputStream bis = new ByteArrayInputStream(jsonBytes);
         return new ServletInputStream()
         {
             @Override
@@ -79,6 +80,12 @@
             }
 
             @Override
+            public int available() throws IOException
+            {
+                return jsonBytes.length;
+            }
+
+            @Override
             public void setReadListener(ReadListener readListener)
             {
             }

--
Gitblit v1.9.2