fix xss filter parse array error
parent
7727c1a45b
commit
471b128f22
@ -1,6 +1,7 @@
|
|||||||
package cn.lili.common.security.filter;
|
package cn.lili.common.security.filter;
|
||||||
|
|
||||||
|
|
||||||
|
import cn.hutool.core.text.CharSequenceUtil;
|
||||||
import cn.hutool.http.HtmlUtil;
|
import cn.hutool.http.HtmlUtil;
|
||||||
import cn.hutool.json.JSONUtil;
|
import cn.hutool.json.JSONUtil;
|
||||||
|
|
||||||
@ -120,7 +121,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
|
|||||||
//获取输入流
|
//获取输入流
|
||||||
ServletInputStream in = super.getInputStream();
|
ServletInputStream in = super.getInputStream();
|
||||||
//用于存储输入流
|
//用于存储输入流
|
||||||
StringBuffer body = new StringBuffer();
|
StringBuilder body = new StringBuilder();
|
||||||
InputStreamReader reader = new InputStreamReader(in, StandardCharsets.UTF_8);
|
InputStreamReader reader = new InputStreamReader(in, StandardCharsets.UTF_8);
|
||||||
BufferedReader bufferedReader = new BufferedReader(reader);
|
BufferedReader bufferedReader = new BufferedReader(reader);
|
||||||
//按行读取输入流
|
//按行读取输入流
|
||||||
@ -136,6 +137,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
|
|||||||
reader.close();
|
reader.close();
|
||||||
in.close();
|
in.close();
|
||||||
|
|
||||||
|
if (CharSequenceUtil.isNotEmpty(body) && Boolean.TRUE.equals(JSONUtil.isJsonObj(body.toString()))) {
|
||||||
//将body转换为map
|
//将body转换为map
|
||||||
Map<String, Object> map = JSONUtil.parseObj(body.toString());
|
Map<String, Object> map = JSONUtil.parseObj(body.toString());
|
||||||
//创建空的map用于存储结果
|
//创建空的map用于存储结果
|
||||||
@ -153,7 +155,34 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
|
|||||||
//将resultMap转换为json字符串
|
//将resultMap转换为json字符串
|
||||||
String resultStr = JSONUtil.toJsonStr(resultMap);
|
String resultStr = JSONUtil.toJsonStr(resultMap);
|
||||||
//将json字符串转换为字节
|
//将json字符串转换为字节
|
||||||
final ByteArrayInputStream bis = new ByteArrayInputStream(resultStr.getBytes());
|
final ByteArrayInputStream resultBIS = new ByteArrayInputStream(resultStr.getBytes());
|
||||||
|
|
||||||
|
//实现接口
|
||||||
|
return new ServletInputStream() {
|
||||||
|
@Override
|
||||||
|
public boolean isFinished() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isReady() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setReadListener(ReadListener readListener) {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public int read() {
|
||||||
|
return resultBIS.read();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
//将json字符串转换为字节
|
||||||
|
final ByteArrayInputStream bis = new ByteArrayInputStream(body.toString().getBytes());
|
||||||
|
|
||||||
//实现接口
|
//实现接口
|
||||||
return new ServletInputStream() {
|
return new ServletInputStream() {
|
||||||
@ -177,6 +206,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
|
|||||||
return bis.read();
|
return bis.read();
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private String cleanXSS(String value) {
|
private String cleanXSS(String value) {
|
||||||
|
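Review bot: A request body that is not a JSON object, including the top-level JSON array the title refers to, now skips the `isJsonObj` branch and is returned verbatim by the fallback `new ByteArrayInputStream(body.toString().getBytes())`, so as far as the visible lines show it never reaches `cleanXSS`. If any endpoint accepts array bodies, add a branch guarded by `JSONUtil.isJsonArray(body.toString())` that parses with `JSONUtil.parseArray` and cleans string values the way the object branch does, including strings nested inside objects or arrays (whether the existing loop handles nesting cannot be seen from here). Both `getBytes()` calls use the platform default charset although the body was decoded as UTF-8; `resultStr.getBytes(StandardCharsets.UTF_8)` and `body.toString().getBytes(StandardCharsets.UTF_8)` keep non-ASCII input from being re-encoded differently after filtering. The enclosing method starts before the second hunk, and the loop that fills `resultMap` lies outside the visible hunks.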