manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

log 请求参数增加 xss 过滤

Browse Source
This commit is contained in:
thinkgem
2020-06-18 20:33:58 +08:00
parent 47b091e6a1
commit fc25868b86
1 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
modules/core/src/main/java/com/jeesite/modules/sys/entity/Log.java
View File

@@ -5,10 +5,12 @@ package com.jeesite.modules.sys.entity;
import java.util.Map; import java.util.Map;
import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
import org.hibernate.validator.constraints.Length;
import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotBlank;
import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
import org.hibernate.validator.constraints.Length;
import com.jeesite.common.codec.EncodeUtils;
import com.jeesite.common.collect.MapUtils; import com.jeesite.common.collect.MapUtils;
import com.jeesite.common.entity.BaseEntity; import com.jeesite.common.entity.BaseEntity;
import com.jeesite.common.entity.DataEntity; import com.jeesite.common.entity.DataEntity;
@@ -242,9 +244,15 @@ public class Log extends DataEntity<Log> {
if (StringUtils.endsWithIgnoreCase(param.getKey(), "password")){ if (StringUtils.endsWithIgnoreCase(param.getKey(), "password")){
params.append("*"); params.append("*");
}else if (param.getValue() != null) { }else if (param.getValue() != null) {
params.append(StringUtils.abbr(StringUtils.join(param.getValue(), ","), 1000)); params.append(EncodeUtils.xssFilter(StringUtils.abbr(StringUtils.join(param.getValue(), ","), 1000)));
} }
this.paramsMap.put(param.getKey(), param.getValue()); String[] values = param.getValue();
if (values != null) {
for (int i=0; i<values.length; i++) {
values[i] = EncodeUtils.xssFilter(values[i]);
}
}
this.paramsMap.put(param.getKey(), values);
} }
this.requestParams = params.toString(); this.requestParams = params.toString();
} }