From a13fbf45e8bd6bef1691b5b0dd2b2e27fc3dfb9d Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Mon, 29 Nov 2021 11:51:16 +0800
Subject: [PATCH] =?UTF-8?q?=E9=98=B2=E7=99=BB=E5=BD=95=E4=BF=A1=E6=81=AF?= =?UTF-8?q?=E8=BF=87=E9=95=BF=E6=94=BB=E5=87=BB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/com/jeesite/common/shiro/filter/FormFilter.java | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
index 2c6f2441..e0610f2c 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
@@ -107,6 +107,9 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
 if (StringUtils.isBlank(username)){
 username = ObjectUtils.toString(request.getAttribute(getUsernameParam()), StringUtils.EMPTY);
 }
+ if (StringUtils.length(username) > 1000) {
+ throw new AuthenticationException("msg:"+Global.getText("sys.login.error"));
+ }
 // 登录用户名解密(解决登录用户名明文传输安全问题)
 String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
 if (StringUtils.isNotBlank(username) && StringUtils.isNotBlank(secretKey)){
@@ -134,6 +137,9 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
 if (StringUtils.isBlank(password)){
 password = ObjectUtils.toString(request.getAttribute(getPasswordParam()), StringUtils.EMPTY);
 }
+ if (StringUtils.length(password) > 1000) {
+ throw new AuthenticationException("msg:"+Global.getText("sys.login.error"));
+ }
 // 登录密码解密(解决登录密码明文传输安全问题)
 String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
 if (StringUtils.isNotBlank(password) && StringUtils.isNotBlank(secretKey)){
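Review bot: The new `throw new AuthenticationException(...)` in the username getter fires while the login parameters are still being read, and whether it reaches the normal login-failure handling depends on the caller, which is outside this hunk. In Shiro's `AuthenticatingFilter.executeLogin`, `createToken` runs before the `try` block that routes `AuthenticationException` to `onLoginFailure`; if this getter is called from `createToken` and `executeLogin` is not overridden, an oversized value would surface as an unhandled error instead of a counted failed login. The same applies to the password and captcha checks in the two hunks that follow. Worth confirming the call path and recording it next to the check, e.g. `// thrown before subject.login(); caller must route this to onLoginFailure`.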
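Review bot: The 1000-character cap on `password` is applied to the value as submitted, before the decryption step that follows, so with `shiro.loginSubmit.secretKey` set it bounds the encoded ciphertext rather than the plaintext password, and nothing visible in the hunk bounds the decrypted result. A short comment above the check would make that intent explicit, e.g. `// Cap the submitted (possibly encrypted) value so oversized input is rejected before decryption and password verification`. The check also runs only after the container has already parsed the parameter, so a request-size limit at the server is still needed to bound memory use. The enclosing method starts and ends outside the hunk.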
@@ -173,6 +179,9 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
 if (StringUtils.isBlank(captcha)){
 captcha = ObjectUtils.toString(request.getAttribute(CAPTCHA_PARAM), StringUtils.EMPTY);
 }
+ if (StringUtils.length(captcha) > 100) {
+ throw new AuthenticationException("msg:"+Global.getText("sys.login.error"));
+ }
 // 登录用户名解密(解决登录用户名明文传输安全问题)
 String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
 if (StringUtils.isNotBlank(captcha) && StringUtils.isNotBlank(secretKey)){
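Review bot: The captcha limit is the bare literal `100` while the username and password checks use `1000`, and none of the three says where the number comes from. Named constants would keep the values in one place and make the difference visibly deliberate, e.g. `private static final int MAX_LOGIN_PARAM_LENGTH = 1000;` and `private static final int MAX_CAPTCHA_LENGTH = 100;`, with this check reading `if (StringUtils.length(captcha) > MAX_CAPTCHA_LENGTH) {`. The enclosing method continues outside the hunk.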