From 19ba6daea7eda5413b4041b7fe2632d191a8a0a2 Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Thu, 9 Aug 2018 21:04:26 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E7=99=BB=E5=BD=95=E9=A1=B5?=
 =?UTF-8?q?=E8=AE=B0=E4=BD=8F=E8=B4=A6=E5=8F=B7=E5=9C=A8DES=E5=8A=A0?=
 =?UTF-8?q?=E5=AF=86=E7=9A=84=E6=83=85=E5=86=B5=E4=B8=8B=EF=BC=8C=E4=BC=9A?=
 =?UTF-8?q?=E6=9C=89XSS=E6=BC=8F=E6=B4=9E=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../jeesite/common/shiro/filter/FormAuthenticationFilter.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
index 0ef844c3..bc69ba63 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java
@@ -23,6 +23,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import com.jeesite.common.codec.DesUtils;
+import com.jeesite.common.codec.EncodeUtils;
 import com.jeesite.common.config.Global;
 import com.jeesite.common.lang.ObjectUtils;
 import com.jeesite.common.lang.StringUtils;
@@ -94,7 +95,7 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.
 }
 // 登录成功后,判断是否需要记住用户名
 if (WebUtils.isTrue(request, DEFAULT_REMEMBER_USERCODE_PARAM)) {
-rememberUserCodeCookie.setValue(username);
+rememberUserCodeCookie.setValue(EncodeUtils.xssFilter(username));
 rememberUserCodeCookie.saveTo((HttpServletRequest)request, (HttpServletResponse)response);
 } else {
 rememberUserCodeCookie.removeFrom((HttpServletRequest)request, (HttpServletResponse)response);
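Review bot: Sanitizing at cookie-write time does not protect the read path, because a cookie value is client-controlled and the login page that later renders the remembered user code will see whatever the browser sends regardless of what `setValue(EncodeUtils.xssFilter(username))` stored; the durable fix is HTML-encoding at the point where the cookie is read and emitted into the page, with the filter here kept at most as defense in depth. The semantics of `EncodeUtils.xssFilter` (whether it strips, encodes or rejects, and how it treats a null username) are not visible in this hunk; if it strips characters, a legitimate user code could be silently altered before it is persisted, so a comment stating the intent would help, e.g. `// sanitize before persisting to the cookie; the login page must still HTML-encode this value when rendering it`. The subject line suggests the cookie may be DES-encrypted in some configurations, and if so encryption only hides the value in transit and does not make it safe to emit into HTML once decrypted. The enclosing method starts and ends outside the hunk.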