From 1e79d6f56fbd9a054800f1c62fd95bacda37c6b3 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期一, 20 七月 2020 10:41:32 +0800
Subject: [PATCH] 同步升级3.0
---
ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java | 192 ++++++++++++++++++++++++------------------------
1 files changed, 96 insertions(+), 96 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
index 1495412..b3df122 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
@@ -1,97 +1,97 @@
-package com.ruoyi.common.filter;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import com.ruoyi.common.utils.StringUtils;
-
-/**
- * 闃叉XSS鏀诲嚮鐨勮繃婊ゅ櫒
- *
- * @author ruoyi
- */
-public class XssFilter implements Filter
-{
- /**
- * 鎺掗櫎閾炬帴
- */
- public List<String> excludes = new ArrayList<>();
-
- /**
- * xss杩囨护寮�鍏�
- */
- public boolean enabled = false;
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException
- {
- String tempExcludes = filterConfig.getInitParameter("excludes");
- String tempEnabled = filterConfig.getInitParameter("enabled");
- if (StringUtils.isNotEmpty(tempExcludes))
- {
- String[] url = tempExcludes.split(",");
- for (int i = 0; url != null && i < url.length; i++)
- {
- excludes.add(url[i]);
- }
- }
- if (StringUtils.isNotEmpty(tempEnabled))
- {
- enabled = Boolean.valueOf(tempEnabled);
- }
- }
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException
- {
- HttpServletRequest req = (HttpServletRequest) request;
- HttpServletResponse resp = (HttpServletResponse) response;
- if (handleExcludeURL(req, resp))
- {
- chain.doFilter(request, response);
- return;
- }
- XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
- chain.doFilter(xssRequest, response);
- }
-
- private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response)
- {
- if (!enabled)
- {
- return true;
- }
- if (excludes == null || excludes.isEmpty())
- {
- return false;
- }
- String url = request.getServletPath();
- for (String pattern : excludes)
- {
- Pattern p = Pattern.compile("^" + pattern);
- Matcher m = p.matcher(url);
- if (m.find())
- {
- return true;
- }
- }
- return false;
- }
-
- @Override
- public void destroy()
- {
-
- }
+package com.ruoyi.common.filter;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import com.ruoyi.common.utils.StringUtils;
+
+/**
+ * 闃叉XSS鏀诲嚮鐨勮繃婊ゅ櫒
+ *
+ * @author ruoyi
+ */
+public class XssFilter implements Filter
+{
+ /**
+ * 鎺掗櫎閾炬帴
+ */
+ public List<String> excludes = new ArrayList<>();
+
+ /**
+ * xss杩囨护寮�鍏�
+ */
+ public boolean enabled = false;
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException
+ {
+ String tempExcludes = filterConfig.getInitParameter("excludes");
+ String tempEnabled = filterConfig.getInitParameter("enabled");
+ if (StringUtils.isNotEmpty(tempExcludes))
+ {
+ String[] url = tempExcludes.split(",");
+ for (int i = 0; url != null && i < url.length; i++)
+ {
+ excludes.add(url[i]);
+ }
+ }
+ if (StringUtils.isNotEmpty(tempEnabled))
+ {
+ enabled = Boolean.valueOf(tempEnabled);
+ }
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException
+ {
+ HttpServletRequest req = (HttpServletRequest) request;
+ HttpServletResponse resp = (HttpServletResponse) response;
+ if (handleExcludeURL(req, resp))
+ {
+ chain.doFilter(request, response);
+ return;
+ }
+ XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
+ chain.doFilter(xssRequest, response);
+ }
+
+ private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response)
+ {
+ if (!enabled)
+ {
+ return true;
+ }
+ if (excludes == null || excludes.isEmpty())
+ {
+ return false;
+ }
+ String url = request.getServletPath();
+ for (String pattern : excludes)
+ {
+ Pattern p = Pattern.compile("^" + pattern);
+ Matcher m = p.matcher(url);
+ if (m.find())
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public void destroy()
+ {
+
+ }
}
\ No newline at end of file
--
Gitblit v1.9.3