From 015b4060011ed00262369d49fc36d420f2f040a4 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期五, 25 十月 2024 11:09:23 +0800
Subject: [PATCH] !591 发布 5.2.3 正式版 Merge pull request !591 from 疯狂的狮子Li/dev

---
 ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java |   30 +++++++++++++++++++++++++++++-
 1 files changed, 29 insertions(+), 1 deletions(-)

diff --git a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
index 4a425c5..190f94e 100644
--- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
+++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
@@ -14,6 +14,7 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.util.Map;
 
 /**
  * XSS杩囨护澶勭悊
@@ -29,6 +30,33 @@
     }
 
     @Override
+    public String getParameter(String name) {
+        String value = super.getParameter(name);
+        if (value != null) {
+            return HtmlUtil.cleanHtmlTag(value).trim();
+        }
+        return value;
+    }
+
+    @Override
+    public Map<String, String[]> getParameterMap() {
+        Map<String, String[]> valueMap = super.getParameterMap();
+        for (Map.Entry<String, String[]> entry : valueMap.entrySet()) {
+            String[] values = entry.getValue();
+            if (values != null) {
+                int length = values.length;
+                String[] escapseValues = new String[length];
+                for (int i = 0; i < length; i++) {
+                    // 闃瞲ss鏀诲嚮鍜岃繃婊ゅ墠鍚庣┖鏍�
+                    escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
+                }
+                valueMap.put(entry.getKey(), escapseValues);
+            }
+        }
+        return valueMap;
+    }
+
+    @Override
     public String[] getParameterValues(String name) {
         String[] values = super.getParameterValues(name);
         if (values != null) {
@@ -40,7 +68,7 @@
             }
             return escapseValues;
         }
-        return super.getParameterValues(name);
+        return values;
     }
 
     @Override

--
Gitblit v1.9.3