From 8d8d76364b7b979782de6c6c25f9fcf8786c2121 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 21 十月 2024 13:59:39 +0800
Subject: [PATCH] fix 修复 xss过滤器 未过滤url参数问题
---
ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java | 30 +++++++++++++++++++++++++++++-
1 files changed, 29 insertions(+), 1 deletions(-)
diff --git a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
index 4a425c5..190f94e 100644
--- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
+++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
@@ -14,6 +14,7 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
+import java.util.Map;
/**
* XSS杩囨护澶勭悊
@@ -29,6 +30,33 @@
}
@Override
+ public String getParameter(String name) {
+ String value = super.getParameter(name);
+ if (value != null) {
+ return HtmlUtil.cleanHtmlTag(value).trim();
+ }
+ return value;
+ }
+
+ @Override
+ public Map<String, String[]> getParameterMap() {
+ Map<String, String[]> valueMap = super.getParameterMap();
+ for (Map.Entry<String, String[]> entry : valueMap.entrySet()) {
+ String[] values = entry.getValue();
+ if (values != null) {
+ int length = values.length;
+ String[] escapseValues = new String[length];
+ for (int i = 0; i < length; i++) {
+ // 闃瞲ss鏀诲嚮鍜岃繃婊ゅ墠鍚庣┖鏍�
+ escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
+ }
+ valueMap.put(entry.getKey(), escapseValues);
+ }
+ }
+ return valueMap;
+ }
+
+ @Override
public String[] getParameterValues(String name) {
String[] values = super.getParameterValues(name);
if (values != null) {
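Review bot: `valueMap.put(entry.getKey(), escapseValues)` in the new getParameterMap() mutates the map returned by `super.getParameterMap()`, which the Servlet API specifies as immutable, so a container that enforces this rejects the write (Tomcat's locked ParameterMap throws IllegalStateException) and the first request carrying any parameter fails instead of being sanitized. Build a fresh map from the escaped values and return that, wrapped unmodifiable to keep the spec's contract; this needs `java.util.LinkedHashMap` and `java.util.Collections` imported next to the `Map` import added in the first hunk. Both the new getParameter() and this method rely on `HtmlUtil.cleanHtmlTag(...)` never returning null before `.trim()` is called, which is worth confirming against the HtmlUtil implementation in use. The enclosing class starts outside the hunk, and the body of getParameterValues continues past the hunk's last line.
```java
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> valueMap = super.getParameterMap();
        // The servlet API defines the parameter map as immutable: copy, never mutate in place.
        Map<String, String[]> escapedMap = new LinkedHashMap<>(valueMap.size());
        for (Map.Entry<String, String[]> entry : valueMap.entrySet()) {
            String[] values = entry.getValue();
            if (values == null) {
                escapedMap.put(entry.getKey(), null);
                continue;
            }
            String[] escapedValues = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                // Strip HTML tags and surrounding whitespace from every value.
                escapedValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
            }
            escapedMap.put(entry.getKey(), escapedValues);
        }
        return Collections.unmodifiableMap(escapedMap);
    }
```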
@@ -40,7 +68,7 @@
}
return escapseValues;
}
- return super.getParameterValues(name);
+ return values;
}
@Override
--
Gitblit v1.9.3