From f1208474f771a1c233d7425c8ed13fbaa0d521ac Mon Sep 17 00:00:00 2001
From: baoshiwei <baoshiwei@shlanbao.cn>
Date: 星期三, 12 三月 2025 09:35:13 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/5.X' into 5.X
---
ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java | 63 +++++++++++++++++++++++++------
1 files changed, 50 insertions(+), 13 deletions(-)
diff --git a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
index 4a425c5..914e549 100644
--- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
+++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java
@@ -1,19 +1,23 @@
package org.dromara.common.web.filter;
import cn.hutool.core.io.IoUtil;
+import cn.hutool.core.map.MapUtil;
+import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.http.HtmlUtil;
-import org.dromara.common.core.utils.StringUtils;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.MediaType;
-
import jakarta.servlet.ReadListener;
import jakarta.servlet.ServletInputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
+import org.dromara.common.core.utils.StringUtils;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
+import java.util.Map;
/**
* XSS杩囨护澶勭悊
@@ -29,18 +33,51 @@
}
@Override
+ public String getParameter(String name) {
+ String value = super.getParameter(name);
+ if (value == null) {
+ return null;
+ }
+ return HtmlUtil.cleanHtmlTag(value).trim();
+ }
+
+ @Override
+ public Map<String, String[]> getParameterMap() {
+ Map<String, String[]> valueMap = super.getParameterMap();
+ if (MapUtil.isEmpty(valueMap)) {
+ return valueMap;
+ }
+ // 閬垮厤鏌愪簺瀹瑰櫒涓嶅厑璁告敼鍙傛暟鐨勬儏鍐� copy涓�浠介噸鏂版敼
+ Map<String, String[]> map = new HashMap<>(valueMap.size());
+ map.putAll(valueMap);
+ for (Map.Entry<String, String[]> entry : map.entrySet()) {
+ String[] values = entry.getValue();
+ if (values != null) {
+ int length = values.length;
+ String[] escapseValues = new String[length];
+ for (int i = 0; i < length; i++) {
+ // 闃瞲ss鏀诲嚮鍜岃繃婊ゅ墠鍚庣┖鏍�
+ escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
+ }
+ map.put(entry.getKey(), escapseValues);
+ }
+ }
+ return map;
+ }
+
+ @Override
public String[] getParameterValues(String name) {
String[] values = super.getParameterValues(name);
- if (values != null) {
- int length = values.length;
- String[] escapseValues = new String[length];
- for (int i = 0; i < length; i++) {
- // 闃瞲ss鏀诲嚮鍜岃繃婊ゅ墠鍚庣┖鏍�
- escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
- }
- return escapseValues;
+ if (ArrayUtil.isEmpty(values)) {
+ return values;
}
- return super.getParameterValues(name);
+ int length = values.length;
+ String[] escapseValues = new String[length];
+ for (int i = 0; i < length; i++) {
+ // 闃瞲ss鏀诲嚮鍜岃繃婊ゅ墠鍚庣┖鏍�
+ escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim();
+ }
+ return escapseValues;
}
@Override
--
Gitblit v1.9.3