疯狂的狮子Li
3 years ago
committed by
Gitee
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with
6 additions and
4 deletions
-
ruoyi-common/src/main/java/com/ruoyi/common/filter/RepeatedlyRequestWrapper.java
-
ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
|
|
@ -10,6 +10,7 @@ import javax.servlet.ServletResponse; |
|
|
import javax.servlet.http.HttpServletRequest; |
|
|
import javax.servlet.http.HttpServletRequest; |
|
|
import javax.servlet.http.HttpServletRequestWrapper; |
|
|
import javax.servlet.http.HttpServletRequestWrapper; |
|
|
import com.ruoyi.common.utils.http.HttpHelper; |
|
|
import com.ruoyi.common.utils.http.HttpHelper; |
|
|
|
|
|
import com.ruoyi.common.constant.Constants; |
|
|
|
|
|
|
|
|
/** |
|
|
/** |
|
|
* 构建可重复读取inputStream的request |
|
|
* 构建可重复读取inputStream的request |
|
|
@ -23,10 +24,10 @@ public class RepeatedlyRequestWrapper extends HttpServletRequestWrapper |
|
|
public RepeatedlyRequestWrapper(HttpServletRequest request, ServletResponse response) throws IOException |
|
|
public RepeatedlyRequestWrapper(HttpServletRequest request, ServletResponse response) throws IOException |
|
|
{ |
|
|
{ |
|
|
super(request); |
|
|
super(request); |
|
|
request.setCharacterEncoding("UTF-8"); |
|
|
request.setCharacterEncoding(Constants.UTF8); |
|
|
response.setCharacterEncoding("UTF-8"); |
|
|
response.setCharacterEncoding(Constants.UTF8); |
|
|
|
|
|
|
|
|
body = HttpHelper.getBodyString(request).getBytes("UTF-8"); |
|
|
body = HttpHelper.getBodyString(request).getBytes(Constants.UTF8); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@Override |
|
|
@Override |
|
|
|
|
|
@ -12,6 +12,7 @@ import javax.servlet.ServletResponse; |
|
|
import javax.servlet.http.HttpServletRequest; |
|
|
import javax.servlet.http.HttpServletRequest; |
|
|
import javax.servlet.http.HttpServletResponse; |
|
|
import javax.servlet.http.HttpServletResponse; |
|
|
import com.ruoyi.common.utils.StringUtils; |
|
|
import com.ruoyi.common.utils.StringUtils; |
|
|
|
|
|
import com.ruoyi.common.enums.HttpMethod; |
|
|
|
|
|
|
|
|
/** |
|
|
/** |
|
|
* 防止XSS攻击的过滤器 |
|
|
* 防止XSS攻击的过滤器 |
|
|
@ -59,7 +60,7 @@ public class XssFilter implements Filter |
|
|
String url = request.getServletPath(); |
|
|
String url = request.getServletPath(); |
|
|
String method = request.getMethod(); |
|
|
String method = request.getMethod(); |
|
|
// GET DELETE 不过滤
|
|
|
// GET DELETE 不过滤
|
|
|
if (method == null || method.matches("GET") || method.matches("DELETE")) |
|
|
if (method == null || HttpMethod.GET.matches(method) || HttpMethod.DELETE.matches(method)) |
|
|
{ |
|
|
{ |
|
|
return true; |
|
|
return true; |
|
|
} |
|
|
} |
|
|
|
