From 4dc59501912b372a1db359463b171d848a0682d5 Mon Sep 17 00:00:00 2001
From: Chopper
Date: Sun, 14 Nov 2021 14:17:38 +0800
Subject: [PATCH 1/8] =?UTF-8?q?=E5=B0=9D=E8=AF=95=E8=A7=A3=E5=86=B3?=
 =?UTF-8?q?=E6=97=A0=E6=B3=95base64=E8=A7=A3=E6=9E=90=E9=94=99=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java b/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java
index 2070321a..8055ddc0 100644
--- a/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java
+++ b/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java
@@ -310,7 +310,7 @@ public class ConnectServiceImpl extends ServiceImpl impl
 */
 public JSONObject getUserInfo(String encryptedData, String sessionKey, String iv) {
 //被加密的数据
- byte[] dataByte = Base64.getDecoder().decode(encryptedData);
+ byte[] dataByte = Base64.getDecoder().decode(encryptedData.replace("\r\n", ""));
 //加密秘钥
 byte[] keyByte = Base64.getDecoder().decode(sessionKey);
 //偏移量

From 155d98e8b94ff3a08165c1824ca5dbd69c17e3cf Mon Sep 17 00:00:00 2001
From: Chopper
Date: Sun, 14 Nov 2021 15:33:30 +0800
Subject: [PATCH 2/8] =?UTF-8?q?=E5=BF=BD=E7=95=A5=E5=8A=A0=E5=AF=86?=
 =?UTF-8?q?=E5=8F=82=E6=95=B0xss=EF=BC=8C=E5=A2=9E=E5=8A=A0=E5=BE=AE?=
 =?UTF-8?q?=E4=BF=A1=E8=B0=83=E8=AF=95=E4=BF=A1=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/security/filter/XssHttpServletRequestWrapper.java | 2 +-
 .../lili/modules/connect/serviceimpl/ConnectServiceImpl.java | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
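Review bot: Stripping only `\r\n` before `Base64.getDecoder().decode(encryptedData)` handles one specific way the payload can arrive mangled, and the basic decoder still throws an unchecked `IllegalArgumentException` on anything outside the Base64 alphabet, so a client sending a bad `encryptedData` (or `sessionKey`, decoded two lines later) surfaces as an unhandled exception rather than a validation error. If embedded line breaks really are the failure, `Base64.getMimeDecoder()` ignores them without string surgery; and given that PATCH 2/8 reverts this line and instead exempts the parameter from the XSS filter, the corruption apparently originates upstream of this method, in which case the replace only masks the symptom. Either way the decode should be guarded, e.g. `} catch (IllegalArgumentException e) { throw new ServiceException(/* appropriate ResultCode */); }`, so malformed input is rejected explicitly. `getUserInfo` continues outside the hunk.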
diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index 013ebba1..a95b9eb4 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -29,7 +29,7 @@ import java.util.Map;
 */
 public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
- private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name"};
+ private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name", "encrypted"};
 public XssHttpServletRequestWrapper(HttpServletRequest request) {
 super(request);
diff --git a/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java b/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java
index 8055ddc0..b2c5003c 100644
--- a/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java
+++ b/framework/src/main/java/cn/lili/modules/connect/serviceimpl/ConnectServiceImpl.java
@@ -309,8 +309,10 @@ public class ConnectServiceImpl extends ServiceImpl impl
 * @return 用户信息
 */
 public JSONObject getUserInfo(String encryptedData, String sessionKey, String iv) {
+
+ log.info("encryptedData:{},sessionKey:{},iv:{}", encryptedData, sessionKey, iv);
 //被加密的数据
- byte[] dataByte = Base64.getDecoder().decode(encryptedData.replace("\r\n", ""));
+ byte[] dataByte = Base64.getDecoder().decode(encryptedData);
 //加密秘钥
 byte[] keyByte = Base64.getDecoder().decode(sessionKey);
 //偏移量

From 078af06b630920bc7defcc60ae2b66d3821e9749 Mon Sep 17 00:00:00 2001
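Review bot: Adding `"encrypted"` to `ignoreField` exempts more than the one WeChat parameter it targets, because `filterXss` tests the lowercased parameter name with `CharSequenceUtil.containsAny` (visible in PATCH 5/8), i.e. a substring match: every request parameter whose name contains that word now skips the strict path and only gets `HtmlUtil.filter`. Name-based exemption is also the wrong tool for this value — a Base64 ciphertext is never rendered, it is decoded and decrypted, so what it needs is to reach the service byte-exact, not to be HTML-filtered. Prefer matching the full parameter name, e.g. an exact-match set kept next to the substring list, `private static final Set<String> IGNORE_EXACT = new HashSet<>(Arrays.asList("encrypteddata", "iv"));` (assuming the front end sends `encryptedData`, as the service parameter is named), with a comment on each entry saying why it is exempt.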
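Review bot: The new `log.info("encryptedData:{},sessionKey:{},iv:{}", encryptedData, sessionKey, iv)` writes `sessionKey` — the key material that is decoded into `keyByte` a few lines below to decrypt the user payload — together with the ciphertext and IV into the application log at INFO level. Anyone with access to the logs (aggregation pipeline, support staff, a leaked log file) can therefore recover the user's data, and the key lives in the log for as long as the retention policy keeps it. Remove the line, or keep a debug aid that never includes the key, e.g. `log.debug("getUserInfo: encryptedData length={}, iv length={}", encryptedData == null ? null : encryptedData.length(), iv == null ? null : iv.length());`. The commit title calls this "WeChat debug info", so at minimum it must not ship at INFO. `getUserInfo` continues outside the hunk.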
From: Chopper
Date: Sun, 14 Nov 2021 15:39:59 +0800
Subject: [PATCH 3/8] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E8=BF=87=E6=BB=A4?=
 =?UTF-8?q?=E7=AD=9B=E9=80=89=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/security/filter/XssHttpServletRequestWrapper.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index a95b9eb4..32f17d61 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -29,7 +29,7 @@ import java.util.Map;
 */
 public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
- private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name", "encrypted"};
+ private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
 public XssHttpServletRequestWrapper(HttpServletRequest request) {
 super(request);

From 1d317998af1bad34014a99d97f949e8fbe4c85c8 Mon Sep 17 00:00:00 2001
From: Chopper
Date: Sun, 14 Nov 2021 15:41:16 +0800
Subject: [PATCH 4/8] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E8=AF=B4=E6=98=8E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../security/filter/XssHttpServletRequestWrapper.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index 32f17d61..e76580c9 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
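Review bot: `"iv"` is a two-letter fragment matched by substring (`CharSequenceUtil.containsAny` over the lowercased name in `filterXss`), so it exempts every parameter whose name contains `iv` — names such as `activityId`, `receiverName`, `deliveryAddress` or `privateKey`, wherever a controller binds them, would silently skip the strict XSS path and receive only `HtmlUtil.filter`. That widens the bypass far beyond the single WeChat initialisation-vector parameter it is meant for; the `@todo` added in PATCH 4/8 acknowledges this but leaves it in place. Match `iv` by its full name instead — an exact-match set consulted with `contains` before the substring list, e.g. `if (IGNORE_EXACT.contains(lowerName) || CharSequenceUtil.containsAny(lowerName, IGNORE_FIELD))` — and keep the substring list only for the genuinely generic words like `content` and `name`.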
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -29,7 +29,12 @@ import java.util.Map;
 */
 public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
- private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
+
+ /**
+ * xss过滤参数
+ * @todo 这里的参数应该更智能些,例如iv,前端的参数包含这两个字母就会放过,这是有问题的
+ */
+ private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
 public XssHttpServletRequestWrapper(HttpServletRequest request) {
 super(request);

From 31728300e15221b7f8ca5412101db19d0fe476be Mon Sep 17 00:00:00 2001
From: Chopper
Date: Sun, 14 Nov 2021 15:42:43 +0800
Subject: [PATCH 5/8] =?UTF-8?q?=E8=A7=84=E8=8C=83=E5=8F=82=E6=95=B0?=
 =?UTF-8?q?=E5=91=BD=E5=90=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/security/filter/XssHttpServletRequestWrapper.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index e76580c9..b1a17f67 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -32,6 +32,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 /**
 * xss过滤参数
+ *
 * @todo 这里的参数应该更智能些,例如iv,前端的参数包含这两个字母就会放过,这是有问题的
 */
 private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
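Review bot: Renaming `ignoreField` to `IGNORE_FIELD` here without updating its only visible use in `filterXss` (that reference is changed in PATCH 5/8) leaves this commit uncompilable on its own, which breaks `git bisect` and any per-commit CI; the rename and the usage update belong in one commit. On the new Javadoc, `@todo` is not a standard Javadoc tag (the javadoc tool reports it as unknown) and the note records a known security gap without tracking it, so make it a line comment that tooling and reviewers pick up, e.g. `// TODO(security): match names exactly — "iv" currently exempts every parameter whose name merely contains those two letters`. The Javadoc summary itself should state what membership in the list means: values of matching parameters skip the strict XSS escaping and only pass through `HtmlUtil.filter`.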
@@ -232,7 +233,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 * @return 参数值
 */
 private String filterXss(String name, String value) {
- if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), ignoreField)) {
+ if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)) {
 // 忽略的处理,(过滤敏感字符)
 return HtmlUtil.filter(value);
 } else {

From 803bd32f4bb467e92a0727f4ee5896686c5cfcb3 Mon Sep 17 00:00:00 2001
From: fengtianyangyang
Date: Mon, 15 Nov 2021 18:21:30 +0800
Subject: [PATCH 6/8] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=BA=97=E9=93=BA?=
 =?UTF-8?q?=E5=AD=97=E7=AC=A6=E4=B8=B2'null'=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../modules/store/entity/dos/StoreDetail.java | 17 +++++++++++++++++
 .../serviceimpl/StoreDetailServiceImpl.java | 3 ++-
 .../store/serviceimpl/StoreServiceImpl.java | 1 -
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/framework/src/main/java/cn/lili/modules/store/entity/dos/StoreDetail.java b/framework/src/main/java/cn/lili/modules/store/entity/dos/StoreDetail.java
index 87820fd7..eb9a8f65 100644
--- a/framework/src/main/java/cn/lili/modules/store/entity/dos/StoreDetail.java
+++ b/framework/src/main/java/cn/lili/modules/store/entity/dos/StoreDetail.java
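Review bot: The exempt branch is labelled `// 忽略的处理` ("ignored") yet still rewrites the value through `HtmlUtil.filter(value)`, so the Base64 ciphertext and IV parameters exempted by the earlier patches are not actually passed through untouched; hutool's `HtmlUtil.filter` strips tags rather than escaping, so it presumably leaves the `A-Za-z0-9+/=` alphabet alone today, but nothing pins that down and a change in the filter would corrupt the ciphertext before `Base64.getDecoder()` sees it. The check on the changed line is also a substring test, which is why `iv` exempts every name containing those letters. I would separate the two cases: opaque binary payloads matched by exact name are returned verbatim (safe only because those names are never rendered — worth a comment), and the legacy substring list keeps its tag-stripping behaviour; `IGNORE_EXACT` would be a `Set<String>` of full lowercase parameter names declared next to `IGNORE_FIELD`. The method continues outside the hunk.

```java
private String filterXss(String name, String value) {
    String lowerName = name.toLowerCase(Locale.ROOT);
    // Opaque Base64 payloads (WeChat encryptedData / iv) are decoded, never rendered:
    // any rewriting corrupts them, so they are matched by exact name and passed through.
    if (IGNORE_EXACT.contains(lowerName)) {
        return value;
    }
    if (CharSequenceUtil.containsAny(lowerName, IGNORE_FIELD)) {
        // Exempt from strict escaping, but HTML tags are still stripped
        return HtmlUtil.filter(value);
    } else {
        // … unchanged: strict filtering branch …
```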
@@ -180,11 +180,28 @@ public class StoreDetail extends BaseIdEntity {
 public StoreDetail(Store store, AdminStoreApplyDTO adminStoreApplyDTO) {
 this.storeId = store.getId();
+ //过滤字段值
+ isNotNull(adminStoreApplyDTO);
 //设置店铺公司信息、设置店铺银行信息、设置店铺其他信息
 BeanUtil.copyProperties(adminStoreApplyDTO, this);
 this.settlementDay = DateUtil.date();
 this.stockWarning = 10;
 }
+ public void isNotNull(AdminStoreApplyDTO adminStoreApplyDTO){
+ if("null".equals(adminStoreApplyDTO.getSalesConsigneeName())){
+ adminStoreApplyDTO.setSalesConsigneeName("");
+ }
+ if("null".equals(adminStoreApplyDTO.getSalesConsigneeMobile())){
+ adminStoreApplyDTO.setSalesConsigneeMobile("");
+ }
+ if("null".equals(adminStoreApplyDTO.getSalesConsigneeDetail())){
+ adminStoreApplyDTO.setSalesConsigneeDetail("");
+ }
+ if("null".equals(adminStoreApplyDTO.getDdCode())){
+ adminStoreApplyDTO.setDdCode("");
+ }
+ }
+
 }
\ No newline at end of file
diff --git a/framework/src/main/java/cn/lili/modules/store/serviceimpl/StoreDetailServiceImpl.java b/framework/src/main/java/cn/lili/modules/store/serviceimpl/StoreDetailServiceImpl.java
index 956a8bb9..5c752d51 100644
--- a/framework/src/main/java/cn/lili/modules/store/serviceimpl/StoreDetailServiceImpl.java
+++ b/framework/src/main/java/cn/lili/modules/store/serviceimpl/StoreDetailServiceImpl.java
@@ -75,7 +75,8 @@ public class StoreDetailServiceImpl extends ServiceImpl implements
 if (Boolean.TRUE.equals(member.getHaveStore())) {
 throw new ServiceException(ResultCode.STORE_APPLY_DOUBLE_ERROR);
 }
- //添加店铺
 Store store = new Store(member, adminStoreApplyDTO);
 this.save(store);

From 1707563118864bd3a28562640dfed4dd216fe48c Mon Sep 17 00:00:00 2001
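Review bot: `isNotNull` is a public method on the entity whose name reads as a predicate but which mutates its argument, rewriting the literal string `"null"` to `""` on four DTO fields; the evident root cause is a front end that serialises JavaScript `null` as the string `"null"`, and patching it inside the `StoreDetail` constructor hides that from every other consumer of `AdminStoreApplyDTO`. If the workaround has to live here, make it private (the method is introduced in this commit, so nothing else should call it yet), name it for what it does, and fold the four repeated `if` blocks into one helper so that adding a field is a one-liner; better still, normalise at the DTO binding/validation layer so the entity never sees `"null"`. There is also no guard for `adminStoreApplyDTO` itself being null, although the following `BeanUtil.copyProperties` would fail on that as well.

```java
public StoreDetail(Store store, AdminStoreApplyDTO adminStoreApplyDTO) {
    this.storeId = store.getId();
    // Work around a front end that sends the literal string "null" for empty fields
    normalizeNullLiterals(adminStoreApplyDTO);
    // … unchanged: copyProperties, settlementDay, stockWarning …
}

/** Replaces the literal string "null" with "" on the consignee fields and ddCode. */
private static void normalizeNullLiterals(AdminStoreApplyDTO dto) {
    dto.setSalesConsigneeName(blankIfNullLiteral(dto.getSalesConsigneeName()));
    dto.setSalesConsigneeMobile(blankIfNullLiteral(dto.getSalesConsigneeMobile()));
    dto.setSalesConsigneeDetail(blankIfNullLiteral(dto.getSalesConsigneeDetail()));
    dto.setDdCode(blankIfNullLiteral(dto.getDdCode()));
}

private static String blankIfNullLiteral(String value) {
    return "null".equals(value) ? "" : value;
}
```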
From: Chopper
Date: Tue, 16 Nov 2021 15:27:43 +0800
Subject: [PATCH 7/8] =?UTF-8?q?VO=E5=A2=9E=E5=8A=A0=E6=B3=A8=E5=86=8C?=
 =?UTF-8?q?=E6=97=B6=E9=97=B4=E5=AD=97=E6=AE=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/cn/lili/modules/member/entity/vo/MemberVO.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/framework/src/main/java/cn/lili/modules/member/entity/vo/MemberVO.java b/framework/src/main/java/cn/lili/modules/member/entity/vo/MemberVO.java
index c95d104e..27937a82 100644
--- a/framework/src/main/java/cn/lili/modules/member/entity/vo/MemberVO.java
+++ b/framework/src/main/java/cn/lili/modules/member/entity/vo/MemberVO.java
@@ -3,9 +3,12 @@ package cn.lili.modules.member.entity.vo;
 import cn.lili.common.enums.ClientTypeEnum;
 import cn.lili.common.security.sensitive.Sensitive;
 import cn.lili.common.security.sensitive.enums.SensitiveStrategy;
+import com.baomidou.mybatisplus.annotation.FieldFill;
+import com.baomidou.mybatisplus.annotation.TableField;
 import com.fasterxml.jackson.annotation.JsonFormat;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
+import org.springframework.data.annotation.CreatedDate;
 import org.springframework.format.annotation.DateTimeFormat;
 import java.io.Serializable;
@@ -84,5 +87,9 @@ public class MemberVO implements Serializable {
 @ApiModelProperty(value = "经验值数量")
 private Long experience;
+ @JsonFormat(timezone = "GMT+8", pattern = "yyyy-MM-dd HH:mm:ss")
+ @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+ @ApiModelProperty(value = "创建时间", hidden = true)
+ private Date createTime;
 }

From 0e7c703dfd09da415dbb2f29a2ba2d3e549cf701 Mon Sep 17 00:00:00 2001
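Review bot: The three new imports — `FieldFill` and `TableField` from MyBatis-Plus and `CreatedDate` from Spring Data — are not used by the field this patch adds (the second hunk's `createTime` carries only `@JsonFormat`, `@DateTimeFormat` and `@ApiModelProperty`), so they are dead imports. They are persistence-layer annotations that do not belong on a response VO in any case, and leaving them in drags ORM types into the API-model package. Drop the three `import` lines, or move them to the entity if they were intended there.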
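Review bot: `@ApiModelProperty(value = "创建时间", hidden = true)` removes `createTime` from the Swagger model while the field is still serialised into the JSON response (the `@JsonFormat` on the same field only makes sense if it is emitted), so the documented contract and the wire contract diverge; either drop `hidden = true`, or, if the value is genuinely internal, use `@JsonIgnore` so it is neither documented nor sent. `@DateTimeFormat` is a request-binding annotation and does nothing for a field that is only written out, so it can go as well. The import hunk above does not add `java.util.Date`; if it is not already imported in this file (not visible here) the line will not compile, and `java.time` would be the preferable type for a newly added field anyway.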
From: Chopper
Date: Tue, 16 Nov 2021 15:58:22 +0800
Subject: [PATCH 8/8] =?UTF-8?q?xss=20=E8=BF=87=E6=BB=A4=E6=94=BE=E6=8E=89?=
 =?UTF-8?q?=E9=82=AE=E7=AE=B1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/security/filter/XssHttpServletRequestWrapper.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index b1a17f67..f776091a 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -35,7 +35,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 *
 * @todo 这里的参数应该更智能些,例如iv,前端的参数包含这两个字母就会放过,这是有问题的
 */
- private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv"};
+ private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "encrypted", "iv","mail"};
 public XssHttpServletRequestWrapper(HttpServletRequest request) {
 super(request);
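Review bot: `"mail"` joins a list that `filterXss` matches by substring, so not only `email` but any parameter whose name contains those letters (`mailbox`, `mailingAddress`, …) now skips the strict XSS path and receives only `HtmlUtil.filter` — and an e-mail address is exactly the kind of value that later gets rendered in admin screens and notification templates, which is what the strict filter exists for. An e-mail field should not be exempted from escaping; it should be validated, e.g. `@Email` on the DTO field or a `Validator.isEmail` check (hutool appears to be a dependency already, given `CharSequenceUtil` and `HtmlUtil`), which rejects anything containing markup and makes the exemption unnecessary. If the entry has to stay, match the exact parameter name rather than the fragment and put the reason next to it, since the `@todo` two lines above already says this list is unsafe and this commit extends it rather than addressing it.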