忽略加密参数xss，增加微信调试信息

2021-11-14 15:33:30 +08:00 · 2021-11-14 15:33:30 +08:00 · 155d98e8b9
commit 155d98e8b9
parent 3c6d6e67bd
2 changed files with 4 additions and 2 deletions
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@ -29,7 +29,7 @@ import java.util.Map;
 */
 public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

-    private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name"};
+    private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name", "encrypted"};

    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
--- a/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java
+++ b/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java
@ -309,8 +309,10 @@ public class ConnectServiceImpl extends ServiceImpl<ConnectMapper, Connect> impl
     * @return 用户信息
     */
    public JSONObject getUserInfo(String encryptedData, String sessionKey, String iv) {
+
+        log.info("encryptedData:{},sessionKey:{},iv:{}", encryptedData, sessionKey, iv);
        //被加密的数据
-        byte[] dataByte = Base64.getDecoder().decode(encryptedData.replace("\r\n", ""));
+        byte[] dataByte = Base64.getDecoder().decode(encryptedData);
        //加密秘钥
        byte[] keyByte = Base64.getDecoder().decode(sessionKey);
        //偏移量