update

2024-04-25 23:30:32 +08:00
parent d8d8902e71
commit aedd50c8c2
4 changed files with 21 additions and 36 deletions
--- a/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
+++ b/common/src/main/java/com/jeesite/common/codec/EncodeUtils.java
@@ -1,7 +1,6 @@
 /**
- * Copyright (c) 2005-2012 springside.org.cn
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
 */
 package com.jeesite.common.codec;

@@ -20,6 +19,7 @@ import javax.servlet.http.HttpServletRequest;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -73,11 +73,7 @@ public class EncodeUtils {
 		if (StringUtils.isBlank(input)){
 			return StringUtils.EMPTY;
 		}
-		try {
-			return new String(Base64.encodeBase64(input.getBytes(EncodeUtils.UTF_8)));
-		} catch (UnsupportedEncodingException e) {
-			return "";
-		}
+		return new String(Base64.encodeBase64(input.getBytes(StandardCharsets.UTF_8)));
 	}

 //	/**
@@ -91,11 +87,7 @@ public class EncodeUtils {
 	 * Base64解码.
 	 */
 	public static byte[] decodeBase64(String input) {
-		try {
-			return Base64.decodeBase64(input.getBytes(EncodeUtils.UTF_8));
-		} catch (UnsupportedEncodingException e) {
-			throw ExceptionUtils.unchecked(e);
-		}
+		return Base64.decodeBase64(input.getBytes(StandardCharsets.UTF_8));
 	}

 	/**
@@ -105,11 +97,7 @@ public class EncodeUtils {
 		if (StringUtils.isBlank(input)){
 			return StringUtils.EMPTY;
 		}
-		try {
-			return new String(Base64.decodeBase64(input.getBytes(EncodeUtils.UTF_8)), EncodeUtils.UTF_8);
-		} catch (UnsupportedEncodingException e) {
-			return StringUtils.EMPTY;
-		}
+		return new String(Base64.decodeBase64(input.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
 	}

 	/**
@@ -201,11 +189,11 @@ public class EncodeUtils {
 	}

 	// 预编译XSS过滤正则表达式
-	private static List<Pattern> xssPatterns = ListUtils.newArrayList(
+	private static final List<Pattern> xssPatterns = ListUtils.newArrayList(
 			Pattern.compile("(<\\s*(script|link|style|iframe)([\\s\\S]*?)(>|<\\/\\s*\\1\\s*>))|(</\\s*(script|link|style|iframe)\\s*>)", Pattern.CASE_INSENSITIVE),
 			Pattern.compile("\\s*(href|src)\\s*=\\s*(\"\\s*(javascript|vbscript):[^\"]+\"|'\\s*(javascript|vbscript):[^']+'|(javascript|vbscript):[^\\s]+)\\s*(?=>)", Pattern.CASE_INSENSITIVE),
 			Pattern.compile("\\s*on[a-z]+\\s*=\\s*(\"[^\"]+\"|'[^']+'|[^\\s]+)\\s*(?=>)", Pattern.CASE_INSENSITIVE),
-			Pattern.compile("(eval\\((.*?)\\)|xpression\\((.*?)\\))", Pattern.CASE_INSENSITIVE),
+			Pattern.compile("(eval\\((.*?)\\)|expression\\((.*?)\\))", Pattern.CASE_INSENSITIVE),
 			Pattern.compile("^(javascript:|vbscript:)", Pattern.CASE_INSENSITIVE)
 	);

@@ -236,9 +224,9 @@ public class EncodeUtils {
 				}
 			}
 			// 如果开始不是HTML，XML，JOSN格式，则再进行HTML的 "、<、> 转码。
-			if (!StringUtils.startsWithIgnoreCase(value, "<!--HTML-->")     // HTML
-					&& !StringUtils.startsWithIgnoreCase(value, "<?xml ")     // XML
-					&& !StringUtils.contains(value, "id=\"FormHtml\"")         // JFlow
+			if (!StringUtils.startsWithIgnoreCase(value, "<!--HTML-->")    // HTML
+					&& !StringUtils.startsWithIgnoreCase(value, "<?xml ")  // XML
+					&& !StringUtils.contains(value, "id=\"FormHtml\"") // JFlow
 					&& !(StringUtils.startsWith(value, "{") && StringUtils.endsWith(value, "}")) // JSON Object
 					&& !(StringUtils.startsWith(value, "[") && StringUtils.endsWith(value, "]")) // JSON Array
 			){
@@ -275,11 +263,11 @@ public class EncodeUtils {
 	}

 	// 预编译SQL过滤正则表达式
-	private static Pattern sqlPattern = Pattern.compile(
+	private static final Pattern sqlPattern = Pattern.compile(
 			"(?:')|(?:--)|(/\\*(?:.|[\\n\\r])*?\\*/)|((extractvalue|updatexml|if|mid|database|rand|user)([\\s]*?)\\()"
 			+ "|(\\b(select|update|and|or|delete|insert|trancate|substr|ascii|declare|exec|count|master|into"
 			+ "|drop|execute|case when|sleep|union|load_file)\\b)", Pattern.CASE_INSENSITIVE);
-	private static Pattern orderByPattern = Pattern.compile("[a-z0-9_\\.\\, ]*", Pattern.CASE_INSENSITIVE);
+	private static final Pattern orderByPattern = Pattern.compile("[a-z0-9_\\.\\, ]*", Pattern.CASE_INSENSITIVE);

 	/**
 	 * SQL过滤，防止注入，传入参数输入有select相关代码，替换空。
@@ -331,7 +319,7 @@ public class EncodeUtils {
 //		xssFilter("<!--HTML-->12 你好 <script>window.location='url'我还在。");
 //		xssFilter("<!--HTML-->13 你好 </script></iframe>我还在。");
 //		xssFilter("<!--HTML-->14 你好 eval(abc)我还在。");
-//		xssFilter("<!--HTML-->15 你好 xpression(abc)我还在。");
+//		xssFilter("<!--HTML-->15 你好 expression(abc)我还在。");
 //		xssFilter("<!--HTML-->16 你好 <img src='abc.jpg' onerror='location='';alert(document.cookie);'></img>我还在。");
 //		xssFilter("<!--HTML-->17 你好 <img src='abc.jpg' onerror='alert(document.cookie);'/>我还在。");
 //		xssFilter("<!--HTML-->18 你好 <img src='abc.jpg' onerror='alert(document.cookie);'>我还在。");
--- a/common/src/main/java/com/jeesite/common/lang/ExceptionUtils.java
+++ b/common/src/main/java/com/jeesite/common/lang/ExceptionUtils.java
@@ -1,12 +1,12 @@
 /**
- * Copyright (c) 2005-2012 springside.org.cn
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
 */
 package com.jeesite.common.lang;

 import javax.servlet.RequestDispatcher;
 import javax.servlet.http.HttpServletRequest;
+
 import java.io.PrintWriter;
 import java.io.StringWriter;

@@ -47,9 +47,7 @@ public class ExceptionUtils {
 				message = e.getMessage();
 				break;
 			}
-			if (StringUtils.isBlank(message)){
-				e = e.getCause();
-			}
+			e = e.getCause();
 		}
 		return message;
 	}
--- a/common/src/main/java/com/jeesite/common/reflect/ReflectUtils.java
+++ b/common/src/main/java/com/jeesite/common/reflect/ReflectUtils.java
@@ -1,5 +1,5 @@
 /**
- * Copyright (c) 2013-Now http://jeesite.com、springside.org.cn All rights reserved.
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
 * No deletion without permission, or be held responsible to law.
 */
 package com.jeesite.common.reflect;
--- a/common/src/main/java/com/jeesite/common/utils/ThreadUtils.java
+++ b/common/src/main/java/com/jeesite/common/utils/ThreadUtils.java
@@ -1,7 +1,6 @@
 /**
- * Copyright (c) 2005-2012 springside.org.cn
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
 */
 package com.jeesite.common.utils;