From dbd35c18b570a0784dbe58a80aa593e76b6c4ff4 Mon Sep 17 00:00:00 2001
From: Chopper
Date: Mon, 22 Nov 2021 18:20:06 +0800
Subject: [PATCH] =?UTF-8?q?=E5=BE=AE=E4=BF=A1=E6=94=AF=E4=BB=98=E7=AD=BE?= =?UTF-8?q?=E5=90=8D=E8=A2=ABxss=E8=BF=87=E6=BB=A4=E9=97=AE=E9=A2=98?= =?UTF-8?q?=E5=A4=84=E7=90=86=E5=BF=BD=E7=95=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../filter/XssHttpServletRequestWrapper.java | 15 ++++++++++++++-
 .../HotWordsManagerController.java | 2 +-
 .../MemberNoticeManagerController.java | 2 +-
 3 files changed, 16 insertions(+), 3 deletions(-)
 rename manager-api/src/main/java/cn/lili/controller/{setting => goods}/HotWordsManagerController.java (97%)
 rename manager-api/src/main/java/cn/lili/controller/{setting => member}/MemberNoticeManagerController.java (98%)
diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index c5a34eb1..996ef0bd 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -35,7 +35,20 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 *
 * @todo 这里的参数应该更智能些,例如iv,前端的参数包含这两个字母就会放过,这是有问题的
 */
- private static final String[] IGNORE_FIELD = {"logo", "url", "photo", "intro", "content", "name", "image", "encrypted", "iv", "mail", "privateKey"};
+ private static final String[] IGNORE_FIELD = {
+ "logo",
+ "url",
+ "photo",
+ "intro",
+ "content",
+ "name",
+ "image",
+ "encrypted",
+ "iv",
+ "mail",
+ "privateKey",
+ "Wechatpay",
+ };
 
 public XssHttpServletRequestWrapper(HttpServletRequest request) {
 super(request);
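Review bot: The new `"Wechatpay"` entry in `IGNORE_FIELD` switches off XSS cleaning by field name, and the `@todo` kept as context above the array already warns that entries are matched loosely (a front-end parameter that merely contains `iv` is let through), so any request field whose name contains `Wechatpay` would presumably skip sanitization on every endpoint, not only on the WeChat Pay callback. The matching code is outside this hunk, so confirm it there; if it is a substring test, prefer an exact, case-insensitive comparison against the specific callback header names, or apply the exemption only on the payment-notify path. Header names are case-insensitive and may arrive lower-cased, so a case-sensitive match on `Wechatpay` could also miss the very header it is meant to exempt. A short comment on the entry, e.g. `// WeChat Pay callback headers: the XSS cleaner corrupts the signature value`, would record why it is on the list.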
diff --git a/manager-api/src/main/java/cn/lili/controller/setting/HotWordsManagerController.java b/manager-api/src/main/java/cn/lili/controller/goods/HotWordsManagerController.java
similarity index 97%
rename from manager-api/src/main/java/cn/lili/controller/setting/HotWordsManagerController.java
rename to manager-api/src/main/java/cn/lili/controller/goods/HotWordsManagerController.java
index 80c97396..b38e5e85 100755
--- a/manager-api/src/main/java/cn/lili/controller/setting/HotWordsManagerController.java
+++ b/manager-api/src/main/java/cn/lili/controller/goods/HotWordsManagerController.java
@@ -1,4 +1,4 @@
-package cn.lili.controller.setting;
+package cn.lili.controller.goods;
 
 import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.vo.ResultMessage;
diff --git a/manager-api/src/main/java/cn/lili/controller/setting/MemberNoticeManagerController.java b/manager-api/src/main/java/cn/lili/controller/member/MemberNoticeManagerController.java
similarity index 98%
rename from manager-api/src/main/java/cn/lili/controller/setting/MemberNoticeManagerController.java
rename to manager-api/src/main/java/cn/lili/controller/member/MemberNoticeManagerController.java
index 54c7d520..2c3b44a3 100644
--- a/manager-api/src/main/java/cn/lili/controller/setting/MemberNoticeManagerController.java
+++ b/manager-api/src/main/java/cn/lili/controller/member/MemberNoticeManagerController.java
@@ -1,4 +1,4 @@
-package cn.lili.controller.setting;
+package cn.lili.controller.member;
 
 import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.security.context.UserContext;