diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index 928436f3..8b36dd74 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -2,7 +2,6 @@ package cn.lili.common.security.filter;
 import cn.hutool.core.text.CharSequenceUtil;
-import cn.hutool.http.HtmlUtil;
 import cn.hutool.json.JSONUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.owasp.html.Sanitizers;
@@ -48,6 +47,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 "encrypted",
 "iv",
 "mail",
+ "sell",
 "privateKey",
 "wechatpay",
 };
@@ -267,7 +267,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 private String filterXss(String name, String value) {
 if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)) {
 // 忽略的处理,(过滤敏感字符)
- return HtmlUtil.unescape(HtmlUtil.filter(value));
+ return value;
 } else {
 return cleanXSS(value);
 }
diff --git a/framework/src/main/java/cn/lili/modules/payment/kit/RefundSupport.java b/framework/src/main/java/cn/lili/modules/payment/kit/RefundSupport.java
index 4cf4aac8..e8b75859 100644
--- a/framework/src/main/java/cn/lili/modules/payment/kit/RefundSupport.java
+++ b/framework/src/main/java/cn/lili/modules/payment/kit/RefundSupport.java
@@ -81,7 +81,7 @@ public class RefundSupport {
 **/
 private void updateReturnGoodsNumber(AfterSale afterSale) {
 //根据商品id及订单sn获取子订单
- OrderItem orderItem = orderItemService.getByOrderSnAndSkuId(afterSale.getOrderSn(), afterSale.getGoodsId());
+ OrderItem orderItem = orderItemService.getByOrderSnAndSkuId(afterSale.getOrderSn(), afterSale.getSkuId());
 orderItem.setReturnGoodsNumber(afterSale.getNum() + orderItem.getReturnGoodsNumber());
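Review bot: The ignored-field branch of `filterXss` in XssHttpServletRequestWrapper.java now returns the value untouched, and because the test is a substring match (`CharSequenceUtil.containsAny` on the lower-cased parameter name) the new `"sell"` entry in `IGNORE_FIELD` exempts every parameter whose name merely contains that text, not just one intended field. Values that previously passed through `HtmlUtil.filter` now skip sanitisation entirely, so wherever they are later rendered the only protection is output encoding, which this diff does not show. I would match ignored names exactly, for example `Arrays.stream(IGNORE_FIELD).anyMatch(name::equalsIgnoreCase)` (after checking which existing names rely on the substring behaviour), and replace the now-stale comment with `// Ignored fields are returned unfiltered; encode them on output`. The closing brace of `filterXss` lies outside the hunk.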
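Review bot: In `updateReturnGoodsNumber` (RefundSupport.java) the result of `getByOrderSnAndSkuId` is dereferenced on the next visible line without a null check, so if the lookup can return null when no order item matches the SKU id, the refund flow would stop with a NullPointerException instead of a handled error. A guard such as `if (orderItem == null) { throw new IllegalStateException("order item not found for after-sale"); }` before `setReturnGoodsNumber` would make that failure explicit. The comment above the lookup still describes a goods-id query; it should read `// Look up the order item by order SN and SKU id`. The method body continues past the end of the hunk.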