From 94d5c174aa78399abff1c2acc38005815795f158 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 13 十二月 2023 11:47:35 +0800
Subject: [PATCH] 添加新群号:161281055
---
ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java | 18 ++++++++++++------
1 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
index 12ef551..e0cc40a 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
@@ -34,13 +34,13 @@
if (values != null)
{
int length = values.length;
- String[] escapseValues = new String[length];
+ String[] escapesValues = new String[length];
for (int i = 0; i < length; i++)
{
// 防xss攻击和过滤前后空格
- escapseValues[i] = EscapeUtil.clean(values[i]).trim();
+ escapesValues[i] = EscapeUtil.clean(values[i]).trim();
}
- return escapseValues;
+ return escapesValues;
}
return super.getParameterValues(name);
}
@@ -63,7 +63,8 @@
// xss过滤
json = EscapeUtil.clean(json).trim();
- final ByteArrayInputStream bis = new ByteArrayInputStream(json.getBytes("utf-8"));
+ byte[] jsonBytes = json.getBytes("utf-8");
+ final ByteArrayInputStream bis = new ByteArrayInputStream(jsonBytes);
return new ServletInputStream()
{
@Override
@@ -76,6 +77,12 @@
public boolean isReady()
{
return true;
+ }
+
+ @Override
+ public int available() throws IOException
+ {
+ return jsonBytes.length;
}
@Override
@@ -99,7 +106,6 @@
public boolean isJsonRequest()
{
String header = super.getHeader(HttpHeaders.CONTENT_TYPE);
- return MediaType.APPLICATION_JSON_VALUE.equalsIgnoreCase(header)
- || MediaType.APPLICATION_JSON_UTF8_VALUE.equalsIgnoreCase(header);
+ return StringUtils.startsWithIgnoreCase(header, MediaType.APPLICATION_JSON_VALUE);
}
}
\ No newline at end of file
--
Gitblit v1.9.2