From 155d98e8b94ff3a08165c1824ca5dbd69c17e3cf Mon Sep 17 00:00:00 2001
From: Chopper <liushuai711@gmail.com>
Date: Sun, 14 Nov 2021 15:33:30 +0800
Subject: [PATCH] =?UTF-8?q?=E5=BF=BD=E7=95=A5=E5=8A=A0=E5=AF=86=E5=8F=82?=
 =?UTF-8?q?=E6=95=B0xss=EF=BC=8C=E5=A2=9E=E5=8A=A0=E5=BE=AE=E4=BF=A1?=
 =?UTF-8?q?=E8=B0=83=E8=AF=95=E4=BF=A1=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/security/filter/XssHttpServletRequestWrapper.java  | 2 +-
 .../lili/modules/connect/serviceimpl/ConnectServiceImpl.java  | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index 013ebba1..a95b9eb4 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -29,7 +29,7 @@ import java.util.Map;
  */
 public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 
-    private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name"};
+    private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name", "encrypted"};
 
     public XssHttpServletRequestWrapper(HttpServletRequest request) {
         super(request);
diff --git a/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java b/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java
index 8055ddc0..b2c5003c 100644
--- a/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java
+++ b/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java
@@ -309,8 +309,10 @@ public class ConnectServiceImpl extends ServiceImpl<ConnectMapper, Connect> impl
      * @return 用户信息
      */
     public JSONObject getUserInfo(String encryptedData, String sessionKey, String iv) {
+
+        log.info("encryptedData:{},sessionKey:{},iv:{}", encryptedData, sessionKey, iv);
         //被加密的数据
-        byte[] dataByte = Base64.getDecoder().decode(encryptedData.replace("\r\n", ""));
+        byte[] dataByte = Base64.getDecoder().decode(encryptedData);
         //加密秘钥
         byte[] keyByte = Base64.getDecoder().decode(sessionKey);
         //偏移量