From fc25868b86a82cd9f3424d4a0ea3bc022280a148 Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Thu, 18 Jun 2020 20:33:58 +0800
Subject: [PATCH] =?UTF-8?q?log=20=E8=AF=B7=E6=B1=82=E5=8F=82=E6=95=B0?=
 =?UTF-8?q?=E5=A2=9E=E5=8A=A0=20xss=20=E8=BF=87=E6=BB=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/com/jeesite/modules/sys/entity/Log.java | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/entity/Log.java b/modules/core/src/main/java/com/jeesite/modules/sys/entity/Log.java
index 1b2b0fe0..1fa7f996 100644
--- a/modules/core/src/main/java/com/jeesite/modules/sys/entity/Log.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/entity/Log.java
@@ -5,10 +5,12 @@ package com.jeesite.modules.sys.entity;
 import java.util.Map;
-import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
-import org.hibernate.validator.constraints.Length;
 import javax.validation.constraints.NotBlank;
+import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
+import org.hibernate.validator.constraints.Length;
+
+import com.jeesite.common.codec.EncodeUtils;
 import com.jeesite.common.collect.MapUtils;
 import com.jeesite.common.entity.BaseEntity;
 import com.jeesite.common.entity.DataEntity;
@@ -242,9 +244,15 @@ public class Log extends DataEntity {
 if (StringUtils.endsWithIgnoreCase(param.getKey(), "password")){
 params.append("*");
 }else if (param.getValue() != null) {
- params.append(StringUtils.abbr(StringUtils.join(param.getValue(), ","), 1000));
+ params.append(EncodeUtils.xssFilter(StringUtils.abbr(StringUtils.join(param.getValue(), ","), 1000)));
 }
- this.paramsMap.put(param.getKey(), param.getValue());
+ String[] values = param.getValue();
+ if (values != null) {
+ for (int i=0; i
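Review bot: Adding `import com.jeesite.common.codec.EncodeUtils;` to an entity under `modules/sys/entity` moves output encoding into the persistence model, so request parameters are XSS-filtered when the log record is built rather than when it is rendered. Whatever `xssFilter` does (escaping or stripping is not visible here) is then baked into the stored value: non-HTML consumers such as JSON responses or exports receive altered data, and a template that already escapes on output will double-encode. If the filter escapes, it also runs after the 1000-character `StringUtils.abbr` truncation it wraps (second hunk, which runs past the end of this chunk), so the stored length is no longer bounded and should be checked against the size of the params column. Consider escaping in the view instead, or at least record the contract next to the new import so later readers do not escape twice: `// request params are stored already XSS-filtered; do not re-escape on output`.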