From 7eedf37149b89e6200c5e30abb8dc2575eb6e3d5 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期四, 02 十二月 2021 18:47:18 +0800
Subject: [PATCH] update 优化 pr !118 代码结构
---
ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java | 76 ++++++++++----------------------------
1 files changed, 20 insertions(+), 56 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
index b3df122..f397de1 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
@@ -1,64 +1,42 @@
package com.ruoyi.common.filter;
+import com.ruoyi.common.utils.StringUtils;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import com.ruoyi.common.utils.StringUtils;
/**
* 闃叉XSS鏀诲嚮鐨勮繃婊ゅ櫒
- *
+ *
* @author ruoyi
*/
-public class XssFilter implements Filter
-{
+public class XssFilter implements Filter {
/**
* 鎺掗櫎閾炬帴
*/
public List<String> excludes = new ArrayList<>();
- /**
- * xss杩囨护寮�鍏�
- */
- public boolean enabled = false;
-
@Override
- public void init(FilterConfig filterConfig) throws ServletException
- {
+ public void init(FilterConfig filterConfig) throws ServletException {
String tempExcludes = filterConfig.getInitParameter("excludes");
- String tempEnabled = filterConfig.getInitParameter("enabled");
- if (StringUtils.isNotEmpty(tempExcludes))
- {
+ if (StringUtils.isNotEmpty(tempExcludes)) {
String[] url = tempExcludes.split(",");
- for (int i = 0; url != null && i < url.length; i++)
- {
+ for (int i = 0; url != null && i < url.length; i++) {
excludes.add(url[i]);
}
- }
- if (StringUtils.isNotEmpty(tempEnabled))
- {
- enabled = Boolean.valueOf(tempEnabled);
}
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
- throws IOException, ServletException
- {
+ throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
- if (handleExcludeURL(req, resp))
- {
+ if (handleExcludeURL(req, resp)) {
chain.doFilter(request, response);
return;
}
@@ -66,32 +44,18 @@
chain.doFilter(xssRequest, response);
}
- private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response)
- {
- if (!enabled)
- {
+ private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response) {
+ String url = request.getServletPath();
+ String method = request.getMethod();
+ // GET DELETE 涓嶈繃婊�
+ if (method == null || method.matches("GET") || method.matches("DELETE")) {
return true;
}
- if (excludes == null || excludes.isEmpty())
- {
- return false;
- }
- String url = request.getServletPath();
- for (String pattern : excludes)
- {
- Pattern p = Pattern.compile("^" + pattern);
- Matcher m = p.matcher(url);
- if (m.find())
- {
- return true;
- }
- }
- return false;
+ return StringUtils.matches(url, excludes);
}
@Override
- public void destroy()
- {
+ public void destroy() {
}
-}
\ No newline at end of file
+}
--
Gitblit v1.9.3