diff --git a/framework/src/main/java/cn/lili/common/enums/ResultCode.java b/framework/src/main/java/cn/lili/common/enums/ResultCode.java
index e92f93de..2a132b9c 100644
--- a/framework/src/main/java/cn/lili/common/enums/ResultCode.java
+++ b/framework/src/main/java/cn/lili/common/enums/ResultCode.java
@@ -47,6 +47,7 @@ public enum ResultCode {
CATEGORY_HAS_CHILDREN(10005, "此类别下存在子类别不能删除"),
CATEGORY_HAS_GOODS(10006, "此类别下存在商品不能删除"),
CATEGORY_SAVE_ERROR(10007, "此类别下存在商品不能删除"),
+ CATEGORY_PARAMETER_NOT_EXIST(10012, "分类绑定参数组不存在"),
CATEGORY_PARAMETER_SAVE_ERROR(10008, "分类绑定参数组添加失败"),
CATEGORY_PARAMETER_UPDATE_ERROR(10009, "分类绑定参数组添加失败"),
CATEGORY_DELETE_FLAG_ERROR(10010, "子类状态不能与父类不一致!"),
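Review bot: The new constant `CATEGORY_PARAMETER_NOT_EXIST(10012, ...)` is placed between codes 10007 and 10008, and the hunk does not show whether 10011 or 10012 is already assigned further down the enum. Java does not reject two enum constants carrying the same numeric code, so a collision would compile and leave clients unable to tell the two errors apart. I would keep the constants in ascending code order, or add a small test asserting that the codes in `ResultCode.values()` are unique. The same applies to `GOODS_NOT_EXIST_STORE(11017, ...)` in the next hunk, which sits before 11016. The enum body continues outside this hunk.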
@@ -72,6 +73,7 @@ public enum ResultCode {
GOODS_PARAMS_ERROR(11013, "商品参数错误,刷新后重试"),
PHYSICAL_GOODS_NEED_TEMP(11014, "实物商品需选择配送模板"),
VIRTUAL_GOODS_NOT_NEED_TEMP(11015, "实物商品需选择配送模板"),
+ GOODS_NOT_EXIST_STORE(11017, "当前用户无权操作此商品"),
GOODS_TYPE_ERROR(11016, "需选择商品类型"),
/**
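Review bot: `GOODS_NOT_EXIST_STORE` is named as a "not found in store" condition, but its message tells the caller they are not authorised to operate on the goods, so the name and the text describe different outcomes. If this code is returned by a store-ownership check (not visible in this hunk), a message that differs from the plain goods-not-found response confirms to another store's user that the goods id exists. Consider returning the same response as for a missing goods id and logging the ownership mismatch server-side. At minimum, document the intent on the constant, e.g. `/** Goods do not belong to the caller's store (ownership check failed). */`.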
diff --git a/framework/src/main/java/cn/lili/common/security/AuthUser.java b/framework/src/main/java/cn/lili/common/security/AuthUser.java
index 71e86fbd..7364421f 100644
--- a/framework/src/main/java/cn/lili/common/security/AuthUser.java
+++ b/framework/src/main/java/cn/lili/common/security/AuthUser.java
@@ -13,6 +13,8 @@ import java.io.Serializable;
@AllArgsConstructor
public class AuthUser implements Serializable {
+ private static final long serialVersionUID = 582441893336003319L;
+
/**
* 用户名
*/
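Review bot: Pinning `serialVersionUID` on `AuthUser` changes how already-serialized instances are treated, and the hunk gives no indication that this was considered. If `582441893336003319L` differs from the value the JVM previously computed implicitly, any `AuthUser` written by the earlier build (for example in a session store or cache, if it is persisted there) will fail to deserialize with `InvalidClassException` after deployment. From here on, field changes will no longer be rejected either: a stream from an older build deserializes with the missing fields left null or default, which matters for a class carrying identity and role data. I would add a comment above the field such as `// Bump on incompatible field changes; older streams leave new fields null.` The class body continues outside this hunk.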
diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index ce6fbca2..3785c4e1 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -1,6 +1,8 @@
package cn.lili.common.security.filter;
+import cn.hutool.http.HtmlUtil;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.util.regex.Pattern;
@@ -107,25 +109,26 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
private String cleanXSS(String value) {
if (value != null) {
- //推荐使用ESAPI库来避免脚本攻击,value = ESAPI.encoder().canonicalize(value);
- //避免script 标签
- value = SCRIPT_PATTERN1.matcher(value).replaceAll("");
- //删除单个的 标签
- value = SCRIPT_PATTERN2.matcher(value).replaceAll("");
- //删除单个的 标签
+// value = SCRIPT_PATTERN2.matcher(value).replaceAll("");
+// //删除单个的