diff --git a/buyer-api/src/main/java/cn/lili/controller/trade/AfterSaleBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/trade/AfterSaleBuyerController.java index 46539670..d6cb030f 100644 --- a/buyer-api/src/main/java/cn/lili/controller/trade/AfterSaleBuyerController.java +++ b/buyer-api/src/main/java/cn/lili/controller/trade/AfterSaleBuyerController.java @@ -74,8 +74,7 @@ public class AfterSaleBuyerController { }) @GetMapping(value = "/applyAfterSaleInfo/{sn}") public ResultMessage applyAfterSaleInfo(@PathVariable String sn) { - AfterSaleApplyVO afterSaleApplyVO = OperationalJudgment.judgment(afterSaleService.getAfterSaleVO(sn)); - return ResultUtil.data(afterSaleApplyVO); + return ResultUtil.data(afterSaleService.getAfterSaleVO(sn)); } @PostMapping(value = "/save/{orderItemSn}") diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java index f776091a..d7061cf2 100644 --- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java +++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java @@ -35,7 +35,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { * * @todo 这里的参数应该更智能些,例如iv,前端的参数包含这两个字母就会放过,这是有问题的 */ - private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv","mail"}; + private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "image", "encrypted", "iv","mail"}; public XssHttpServletRequestWrapper(HttpServletRequest request) { super(request); @@ -235,7 +235,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { private String filterXss(String name, String value) { if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)) { // 忽略的处理,(过滤敏感字符) - return HtmlUtil.filter(value); + return HtmlUtil.unescape(HtmlUtil.filter(value)); } else { return cleanXSS(value); } diff --git a/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java b/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java index b2c5003c..68ca20b6 100644 --- a/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java +++ b/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java @@ -4,16 +4,15 @@ import cn.hutool.json.JSONObject; import cn.hutool.json.JSONUtil; import cn.lili.cache.Cache; import cn.lili.cache.CachePrefix; +import cn.lili.common.context.ThreadContextHolder; +import cn.lili.common.enums.ClientTypeEnum; import cn.lili.common.enums.ResultCode; import cn.lili.common.exception.ServiceException; import cn.lili.common.security.AuthUser; import cn.lili.common.security.context.UserContext; import cn.lili.common.security.token.Token; -import cn.lili.modules.member.token.MemberTokenGenerate; import cn.lili.common.utils.CookieUtil; import cn.lili.common.utils.StringUtils; -import cn.lili.common.context.ThreadContextHolder; -import cn.lili.common.enums.ClientTypeEnum; import cn.lili.modules.connect.entity.Connect; import cn.lili.modules.connect.entity.dto.ConnectAuthUser; import cn.lili.modules.connect.entity.dto.WechatMPLoginParams; @@ -22,6 +21,7 @@ import cn.lili.modules.connect.mapper.ConnectMapper; import cn.lili.modules.connect.service.ConnectService; import cn.lili.modules.member.entity.dos.Member; import cn.lili.modules.member.service.MemberService; +import cn.lili.modules.member.token.MemberTokenGenerate; import cn.lili.modules.system.entity.dos.Setting; import cn.lili.modules.system.entity.dto.connect.WechatConnectSetting; import cn.lili.modules.system.entity.dto.connect.dto.WechatConnectSettingItem; diff --git a/framework/src/main/java/cn/lili/modules/member/entity/vo/MemberVO.java b/framework/src/main/java/cn/lili/modules/member/entity/vo/MemberVO.java index 27937a82..cf157d89 100644 --- a/framework/src/main/java/cn/lili/modules/member/entity/vo/MemberVO.java +++ b/framework/src/main/java/cn/lili/modules/member/entity/vo/MemberVO.java @@ -3,12 +3,9 @@ package cn.lili.modules.member.entity.vo; import cn.lili.common.enums.ClientTypeEnum; import cn.lili.common.security.sensitive.Sensitive; import cn.lili.common.security.sensitive.enums.SensitiveStrategy; -import com.baomidou.mybatisplus.annotation.FieldFill; -import com.baomidou.mybatisplus.annotation.TableField; import com.fasterxml.jackson.annotation.JsonFormat; import io.swagger.annotations.ApiModelProperty; import lombok.Data; -import org.springframework.data.annotation.CreatedDate; import org.springframework.format.annotation.DateTimeFormat; import java.io.Serializable; diff --git a/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java b/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java index 8db3717c..c8c86a29 100644 --- a/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java +++ b/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java @@ -136,7 +136,7 @@ public class AfterSaleServiceImpl extends ServiceImpl