From 82f1f5d0cf1b51a5d81915e842e01760f404fa74 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期三, 20 十月 2021 13:07:16 +0800
Subject: [PATCH] update 优化xxl-job-admin相关pr代码 增加格式化日志输出与docker镜像
---
ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java | 221 ++++++++++++++++++++++++++++---------------------------
1 files changed, 112 insertions(+), 109 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
index fa7b60b..8af1257 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssHttpServletRequestWrapper.java
@@ -1,110 +1,113 @@
-package com.ruoyi.common.filter;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import javax.servlet.ReadListener;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import org.apache.commons.io.IOUtils;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.MediaType;
-import com.ruoyi.common.utils.StringUtils;
-import com.ruoyi.common.utils.html.EscapeUtil;
-
-/**
- * XSS杩囨护澶勭悊
- *
- * @author ruoyi
- */
-public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
-{
- /**
- * @param request
- */
- public XssHttpServletRequestWrapper(HttpServletRequest request)
- {
- super(request);
- }
-
- @Override
- public String[] getParameterValues(String name)
- {
- String[] values = super.getParameterValues(name);
- if (values != null)
- {
- int length = values.length;
- String[] escapseValues = new String[length];
- for (int i = 0; i < length; i++)
- {
- // 闃瞲ss鏀诲嚮鍜岃繃婊ゅ墠鍚庣┖鏍�
- escapseValues[i] = EscapeUtil.clean(values[i]).trim();
- }
- return escapseValues;
- }
- return super.getParameterValues(name);
- }
-
- @Override
- public ServletInputStream getInputStream() throws IOException
- {
- // 闈瀓son绫诲瀷锛岀洿鎺ヨ繑鍥�
- if (!isJsonRequest())
- {
- return super.getInputStream();
- }
-
- // 涓虹┖锛岀洿鎺ヨ繑鍥�
- String json = IOUtils.toString(super.getInputStream(), "utf-8");
- if (StringUtils.isEmpty(json))
- {
- return super.getInputStream();
- }
-
- // xss杩囨护
- json = EscapeUtil.clean(json).trim();
- byte[] jsonBytes = json.getBytes("utf-8");
- final ByteArrayInputStream bis = new ByteArrayInputStream(jsonBytes);
- return new ServletInputStream()
- {
- @Override
- public boolean isFinished()
- {
- return true;
- }
-
- @Override
- public boolean isReady()
- {
- return true;
- }
-
- @Override
- public int available() throws IOException {
- return jsonBytes.length;
- }
-
- @Override
- public void setReadListener(ReadListener readListener)
- {
- }
-
- @Override
- public int read() throws IOException
- {
- return bis.read();
- }
- };
- }
-
- /**
- * 鏄惁鏄疛son璇锋眰
- *
- * @param request
- */
- public boolean isJsonRequest()
- {
- String header = super.getHeader(HttpHeaders.CONTENT_TYPE);
- return StringUtils.startsWithIgnoreCase(header, MediaType.APPLICATION_JSON_VALUE);
- }
+package com.ruoyi.common.filter;
+
+import cn.hutool.core.io.IoUtil;
+import cn.hutool.http.HtmlUtil;
+import com.ruoyi.common.utils.StringUtils;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+
+import javax.servlet.ReadListener;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+/**
+ * XSS杩囨护澶勭悊
+ *
+ * @author ruoyi
+ */
+public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper
+{
+ /**
+ * @param request
+ */
+ public XssHttpServletRequestWrapper(HttpServletRequest request)
+ {
+ super(request);
+ }
+
+ @Override
+ public String[] getParameterValues(String name)
+ {
+ String[] values = super.getParameterValues(name);
+ if (values != null)
+ {
+ int length = values.length;
+ String[] escapseValues = new String[length];
+ for (int i = 0; i < length; i++)
+ {
+ // 闃瞲ss鏀诲嚮鍜岃繃婊ゅ墠鍚庣┖鏍�
+ escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
+ }
+ return escapseValues;
+ }
+ return super.getParameterValues(name);
+ }
+
+ @Override
+ public ServletInputStream getInputStream() throws IOException
+ {
+ // 闈瀓son绫诲瀷锛岀洿鎺ヨ繑鍥�
+ if (!isJsonRequest())
+ {
+ return super.getInputStream();
+ }
+
+ // 涓虹┖锛岀洿鎺ヨ繑鍥�
+ String json = IoUtil.read(super.getInputStream(), StandardCharsets.UTF_8);
+ if (StringUtils.isEmpty(json))
+ {
+ return super.getInputStream();
+ }
+
+ // xss杩囨护
+ json = HtmlUtil.cleanHtmlTag(json).trim();
+ byte[] jsonBytes = json.getBytes(StandardCharsets.UTF_8);
+ final ByteArrayInputStream bis = IoUtil.toStream(jsonBytes);
+ return new ServletInputStream()
+ {
+ @Override
+ public boolean isFinished()
+ {
+ return true;
+ }
+
+ @Override
+ public boolean isReady()
+ {
+ return true;
+ }
+
+ @Override
+ public int available() throws IOException
+ {
+ return jsonBytes.length;
+ }
+
+ @Override
+ public void setReadListener(ReadListener readListener)
+ {
+ }
+
+ @Override
+ public int read() throws IOException
+ {
+ return bis.read();
+ }
+ };
+ }
+
+ /**
+ * 鏄惁鏄疛son璇锋眰
+ *
+ * @param request
+ */
+ public boolean isJsonRequest()
+ {
+ String header = super.getHeader(HttpHeaders.CONTENT_TYPE);
+ return StringUtils.startsWithIgnoreCase(header, MediaType.APPLICATION_JSON_VALUE);
+ }
}
\ No newline at end of file
--
Gitblit v1.9.3