微信支付签名被xss过滤问题处理忽略

2021-11-22 18:20:06 +08:00 · 2021-11-22 18:20:06 +08:00 · dbd35c18b5
commit dbd35c18b5
parent 59461175d9
3 changed files with 16 additions and 3 deletions
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@ -35,7 +35,20 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
     *
     * @todo 这里的参数应该更智能些，例如iv，前端的参数包含这两个字母就会放过，这是有问题的
     */
-    private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "image", "encrypted", "iv", "mail", "privateKey"};
+    private static final String[] IGNORE_FIELD = {
+            "logo",
+            "url",
+            "photo",
+            "intro",
+            "content",
+            "name",
+            "image",
+            "encrypted",
+            "iv",
+            "mail",
+            "privateKey",
+            "Wechatpay",
+    };

    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
--- a/manager-api/src/main/java/cn/lili/controller/setting/HotWordsManagerController.java
+++ b/manager-api/src/main/java/cn/lili/controller/setting/HotWordsManagerController.java
@ -1,4 +1,4 @@
-package cn.lili.controller.setting;
+package cn.lili.controller.goods;

 import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.vo.ResultMessage;
--- a/manager-api/src/main/java/cn/lili/controller/setting/MemberNoticeManagerController.java
+++ b/manager-api/src/main/java/cn/lili/controller/setting/MemberNoticeManagerController.java
@ -1,4 +1,4 @@
-package cn.lili.controller.setting;
+package cn.lili.controller.member;

 import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.security.context.UserContext;