Merge branch 'master' of gitee.com:beijing_hongye_huicheng/lilishop into feature/pg
# Conflicts: # framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
a843081663
@ -29,7 +29,13 @@ import java.util.Map;
|
||||
*/
|
||||
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
|
||||
|
||||
private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name", "image"};
|
||||
|
||||
/**
|
||||
* xss过滤参数
|
||||
*
|
||||
* @todo 这里的参数应该更智能些,例如iv,前端的参数包含这两个字母就会放过,这是有问题的
|
||||
*/
|
||||
private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "image", "encrypted", "iv","mail"};
|
||||
|
||||
public XssHttpServletRequestWrapper(HttpServletRequest request) {
|
||||
super(request);
|
||||
@ -227,7 +233,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
|
||||
* @return 参数值
|
||||
*/
|
||||
private String filterXss(String name, String value) {
|
||||
if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), ignoreField)) {
|
||||
if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)) {
|
||||
// 忽略的处理,(过滤敏感字符)
|
||||
return HtmlUtil.unescape(HtmlUtil.filter(value));
|
||||
} else {
|
||||
|
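Review bot: Adding `encrypted`, `iv` and `mail` to `IGNORE_FIELD` widens the bypass the `@todo` on the same hunk already describes, because `filterXss` matches with `containsAny` on the lowercased parameter name, so any parameter whose name merely contains `iv` (`private`, `activity`), `mail` or `name` (`username`) skips the escaping branch entirely. Match the whole name instead: `private static final Set<String> IGNORE_FIELD = new HashSet<>(Arrays.asList("logo", "url", "photo", "intro", "content", "name", "image", "encrypted", "iv", "mail"));` and `if (IGNORE_FIELD.contains(name.toLowerCase(Locale.ROOT))) {` (needs `java.util.Set`, `HashSet` and `Arrays` imported). The ignore branch also calls `HtmlUtil.unescape` after `HtmlUtil.filter`; if `filter` only strips tags, an entity-encoded payload such as `&lt;script&gt;` survives the filter and is decoded back into markup on return, so either unescape before filtering or drop the unescape. `filterXss` continues past the end of the hunk.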
@ -4,16 +4,15 @@ import cn.hutool.json.JSONObject;
|
||||
import cn.hutool.json.JSONUtil;
|
||||
import cn.lili.cache.Cache;
|
||||
import cn.lili.cache.CachePrefix;
|
||||
import cn.lili.common.context.ThreadContextHolder;
|
||||
import cn.lili.common.enums.ClientTypeEnum;
|
||||
import cn.lili.common.enums.ResultCode;
|
||||
import cn.lili.common.exception.ServiceException;
|
||||
import cn.lili.common.security.AuthUser;
|
||||
import cn.lili.common.security.context.UserContext;
|
||||
import cn.lili.common.security.token.Token;
|
||||
import cn.lili.modules.member.token.MemberTokenGenerate;
|
||||
import cn.lili.common.utils.CookieUtil;
|
||||
import cn.lili.common.utils.StringUtils;
|
||||
import cn.lili.common.context.ThreadContextHolder;
|
||||
import cn.lili.common.enums.ClientTypeEnum;
|
||||
import cn.lili.modules.connect.entity.Connect;
|
||||
import cn.lili.modules.connect.entity.dto.ConnectAuthUser;
|
||||
import cn.lili.modules.connect.entity.dto.WechatMPLoginParams;
|
||||
@ -22,6 +21,7 @@ import cn.lili.modules.connect.mapper.ConnectMapper;
|
||||
import cn.lili.modules.connect.service.ConnectService;
|
||||
import cn.lili.modules.member.entity.dos.Member;
|
||||
import cn.lili.modules.member.service.MemberService;
|
||||
import cn.lili.modules.member.token.MemberTokenGenerate;
|
||||
import cn.lili.modules.system.entity.dos.Setting;
|
||||
import cn.lili.modules.system.entity.dto.connect.WechatConnectSetting;
|
||||
import cn.lili.modules.system.entity.dto.connect.dto.WechatConnectSettingItem;
|
||||
@ -309,6 +309,8 @@ public class ConnectServiceImpl extends ServiceImpl<ConnectMapper, Connect> impl
|
||||
* @return 用户信息
|
||||
*/
|
||||
public JSONObject getUserInfo(String encryptedData, String sessionKey, String iv) {
|
||||
|
||||
log.info("encryptedData:{},sessionKey:{},iv:{}", encryptedData, sessionKey, iv);
|
||||
//被加密的数据
|
||||
byte[] dataByte = Base64.getDecoder().decode(encryptedData);
|
||||
//加密秘钥
|
||||
|
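Review bot: The new `log.info` at the top of `getUserInfo` writes `encryptedData`, `sessionKey` and `iv` to the log at INFO level; the comment two lines further down labels the value derived from `sessionKey` the encryption key, so anyone with read access to the logs receives ciphertext, key and IV together and can decrypt the user's data offline. Log only what is needed to trace the call without the secrets, e.g. `log.debug("getUserInfo: encryptedData length={}, iv length={}", encryptedData == null ? 0 : encryptedData.length(), iv == null ? 0 : iv.length());`. The `Base64.getDecoder().decode(encryptedData)` that follows throws `IllegalArgumentException` on non-Base64 input and `NullPointerException` on null, which presumably reaches the caller unhandled if these values come straight from the request; a guard that raises the project's `ServiceException` would be cleaner. `getUserInfo` continues beyond the hunk.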
@ -84,5 +84,9 @@ public class MemberVO implements Serializable {
|
||||
@ApiModelProperty(value = "经验值数量")
|
||||
private Long experience;
|
||||
|
||||
@JsonFormat(timezone = "GMT+8", pattern = "yyyy-MM-dd HH:mm:ss")
|
||||
@DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss")
|
||||
@ApiModelProperty(value = "创建时间", hidden = true)
|
||||
private Date createTime;
|
||||
|
||||
}
|
||||
|
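Review bot: `hidden = true` on the new `createTime` field only removes it from the Swagger model; Jackson still serializes it (the `@JsonFormat` on the same field shows it is meant to go over the wire), so the API documentation and the actual response disagree. Either drop `hidden = true` if clients are expected to read it, or add `@JsonIgnore` if it is truly internal. The field is also a mutable `java.util.Date` exposed through the VO; `java.time.LocalDateTime` would avoid that, if the rest of the project has moved off `Date`, which is not visible here.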
@ -18,7 +18,10 @@ import lombok.NoArgsConstructor;
|
||||
import org.hibernate.validator.constraints.Length;
|
||||
import org.springframework.format.annotation.DateTimeFormat;
|
||||
|
||||
import javax.validation.constraints.*;
|
||||
import javax.validation.constraints.Email;
|
||||
import javax.validation.constraints.Min;
|
||||
import javax.validation.constraints.NotBlank;
|
||||
import javax.validation.constraints.Size;
|
||||
import java.util.Date;
|
||||
|
||||
/**
|
||||
@ -180,11 +183,28 @@ public class StoreDetail extends BaseIdEntity {
|
||||
|
||||
public StoreDetail(Store store, AdminStoreApplyDTO adminStoreApplyDTO) {
|
||||
this.storeId = store.getId();
|
||||
//过滤字段值
|
||||
isNotNull(adminStoreApplyDTO);
|
||||
//设置店铺公司信息、设置店铺银行信息、设置店铺其他信息
|
||||
BeanUtil.copyProperties(adminStoreApplyDTO, this);
|
||||
this.settlementDay = DateUtil.date();
|
||||
this.stockWarning = 10;
|
||||
}
|
||||
|
||||
public void isNotNull(AdminStoreApplyDTO adminStoreApplyDTO){
|
||||
if("null".equals(adminStoreApplyDTO.getSalesConsigneeName())){
|
||||
adminStoreApplyDTO.setSalesConsigneeName("");
|
||||
}
|
||||
if("null".equals(adminStoreApplyDTO.getSalesConsigneeMobile())){
|
||||
adminStoreApplyDTO.setSalesConsigneeMobile("");
|
||||
}
|
||||
if("null".equals(adminStoreApplyDTO.getSalesConsigneeDetail())){
|
||||
adminStoreApplyDTO.setSalesConsigneeDetail("");
|
||||
}
|
||||
if("null".equals(adminStoreApplyDTO.getDdCode())){
|
||||
adminStoreApplyDTO.setDdCode("");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
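Review bot: `isNotNull` in the constructor hunk does not check for null — it rewrites the literal string `"null"` to `""` on four DTO fields — and it is `public`, so the misleading name becomes part of `StoreDetail`'s API and the method mutates the caller's DTO as a side effect. The `"null"` strings are presumably a client serializing a JavaScript `null` into a string, and the right fix is at the deserialization or frontend boundary; if the entity-side workaround stays, it should be a private static helper whose name says what it does, with the reason recorded in a comment. Something like the following keeps the behaviour while making the intent obvious. The rest of the class sits outside the hunk.
```java
    public StoreDetail(Store store, AdminStoreApplyDTO adminStoreApplyDTO) {
        this.storeId = store.getId();
        // Some clients send the literal string "null" for empty optional fields; blank them before copying.
        blankNullLiterals(adminStoreApplyDTO);
        // … unchanged: copyProperties, settlementDay, stockWarning …
    }

    /** Replaces the literal string "null" with "" on the optional fields the client may leave unset. */
    private static void blankNullLiterals(AdminStoreApplyDTO dto) {
        dto.setSalesConsigneeName(nullLiteralToEmpty(dto.getSalesConsigneeName()));
        dto.setSalesConsigneeMobile(nullLiteralToEmpty(dto.getSalesConsigneeMobile()));
        dto.setSalesConsigneeDetail(nullLiteralToEmpty(dto.getSalesConsigneeDetail()));
        dto.setDdCode(nullLiteralToEmpty(dto.getDdCode()));
    }

    private static String nullLiteralToEmpty(String value) {
        return "null".equals(value) ? "" : value;
    }
```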
@ -75,7 +75,8 @@ public class StoreDetailServiceImpl extends ServiceImpl<StoreDetailMapper, Store
|
||||
|
||||
@Override
|
||||
public StoreDetailVO getStoreDetailVO(String storeId) {
|
||||
return this.baseMapper.getStoreDetail(storeId);
|
||||
StoreDetailVO storeDetail = this.baseMapper.getStoreDetail(storeId);
|
||||
return storeDetail;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
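Review bot: The new local `storeDetail` in `getStoreDetailVO` is returned unchanged on the very next line, so the two-line form says nothing the original `return this.baseMapper.getStoreDetail(storeId);` did not. Either keep the single-line return, or make the temporary earn its place by handling the case where the mapper returns nothing, e.g. throwing the project's `ServiceException` with the appropriate `ResultCode` when `storeDetail` is null, so callers do not receive a null VO.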
@ -115,7 +115,6 @@ public class StoreServiceImpl extends ServiceImpl<StoreMapper, Store> implements
|
||||
if (Boolean.TRUE.equals(member.getHaveStore())) {
|
||||
throw new ServiceException(ResultCode.STORE_APPLY_DOUBLE_ERROR);
|
||||
}
|
||||
|
||||
//添加店铺
|
||||
Store store = new Store(member, adminStoreApplyDTO);
|
||||
this.save(store);
|
||||
|