manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

skinName add xssFilter

Browse Source
This commit is contained in:
thinkgem
2024-05-11 15:28:01 +08:00
parent 1ac8085c8c
commit ad292502a9
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
View File

@@ -5,6 +5,7 @@
package com.jeesite.modules.sys.web; package com.jeesite.modules.sys.web;
import com.fasterxml.jackson.annotation.JsonView; import com.fasterxml.jackson.annotation.JsonView;
import com.jeesite.common.codec.EncodeUtils;
import com.jeesite.common.config.Global; import com.jeesite.common.config.Global;
import com.jeesite.common.lang.StringUtils; import com.jeesite.common.lang.StringUtils;
import com.jeesite.common.shiro.filter.FormFilter; import com.jeesite.common.shiro.filter.FormFilter;
@@ -397,7 +398,7 @@ public class LoginController extends BaseController{
@RequestMapping(value = "switchSkin/{skinName}") @RequestMapping(value = "switchSkin/{skinName}")
public String switchSkin(@PathVariable String skinName, HttpServletRequest request, HttpServletResponse response) { public String switchSkin(@PathVariable String skinName, HttpServletRequest request, HttpServletResponse response) {
if (StringUtils.isNotBlank(skinName) && !"select".equals(skinName)){ if (StringUtils.isNotBlank(skinName) && !"select".equals(skinName)){
CookieUtils.setCookie(response, "skinName", skinName); CookieUtils.setCookie(response, "skinName", EncodeUtils.encodeUrl(EncodeUtils.xssFilter(skinName, request)));
if (ServletUtils.isAjaxRequest(request)) { if (ServletUtils.isAjaxRequest(request)) {
return renderResult(response, Global.TRUE, text("主题切换成功")); return renderResult(response, Global.TRUE, text("主题切换成功"));
} }