From dfcf71aec7433ac0ac7651d62e9bdac547c1a81d Mon Sep 17 00:00:00 2001
From: paulGao
Date: Thu, 23 Dec 2021 10:55:43 +0800
Subject: [PATCH 1/4] =?UTF-8?q?=E7=A7=BB=E9=99=A4mongo,=E5=B0=86=E7=B3=BB?= =?UTF-8?q?=E7=BB=9F=E6=97=A5=E5=BF=97=E5=AD=98=E5=82=A8=E5=9C=A8es?= =?UTF-8?q?=E3=80=82=E4=BF=AE=E5=A4=8D=E6=8B=BC=E5=9B=A2=E5=95=86=E5=93=81?= =?UTF-8?q?=E7=9A=84=E6=AD=A3=E5=B8=B8=E8=B4=AD=E4=B9=B0=E4=BB=B7=E6=A0=BC?= =?UTF-8?q?=E4=B8=BA=E6=8B=BC=E5=9B=A2=E4=BB=B7=E6=A0=BC=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../common/security/filter/XssHttpServletRequestWrapper.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index 928436f3..c6164e73 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -48,6 +48,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 "encrypted",
 "iv",
 "mail",
+ "seller",
 "privateKey",
 "wechatpay",
 };
From f086a58096d997ae55454cbb84745d57e129435b Mon Sep 17 00:00:00 2001
From: paulGao
Date: Thu, 23 Dec 2021 10:58:19 +0800
Subject: [PATCH 2/4] =?UTF-8?q?=E6=B7=BB=E5=8A=A0xss=E8=BF=87=E6=BB=A4sell?= =?UTF-8?q?=E5=85=B3=E9=94=AE=E5=AD=97?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../common/security/filter/XssHttpServletRequestWrapper.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index c6164e73..3ce0a539 100644
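Review bot: `"seller"` is added to IGNORE_FIELD without a comment, and filterXss (visible in patch 4/4 of this series) tests these entries with `containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)`, so the entry exempts every request parameter whose lowercased name contains that substring rather than one named field. Patch 2/4 shortens it to `"sell"`, which widens the exemption again. I would list the exact parameter names that need the exemption and record the reason next to each, e.g. `"seller", // <parameter name>: <why it must skip cleanXSS>`. Because the name is lowercased before the test, the mixed-case `"privateKey"` entry cannot match by itself and appears to work only through `"iv"`; it is worth lowercasing. The array's declaration starts outside the hunk.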
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -48,7 +48,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 "encrypted",
 "iv",
 "mail",
- "seller",
+ "sell",
 "privateKey",
 "wechatpay",
 };
From cdfeb5dbdcc308209128e33c48a33a9680c842fa Mon Sep 17 00:00:00 2001
From: paulGao
Date: Thu, 23 Dec 2021 17:17:31 +0800
Subject: [PATCH 3/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=9B=B4=E6=96=B0?= =?UTF-8?q?=E8=AE=A2=E5=8D=95=E7=9A=84=E5=94=AE=E5=90=8E=E5=95=86=E5=93=81?= =?UTF-8?q?=E6=95=B0=E9=87=8F=E6=97=B6=EF=BC=8C=E4=BC=A0=E9=80=92goodsId?= =?UTF-8?q?=E6=94=B9=E6=88=90goodsSkuId?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../main/java/cn/lili/modules/payment/kit/RefundSupport.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/src/main/java/cn/lili/modules/payment/kit/RefundSupport.java b/framework/src/main/java/cn/lili/modules/payment/kit/RefundSupport.java
index 4cf4aac8..e8b75859 100644
--- a/framework/src/main/java/cn/lili/modules/payment/kit/RefundSupport.java
+++ b/framework/src/main/java/cn/lili/modules/payment/kit/RefundSupport.java
@@ -81,7 +81,7 @@ public class RefundSupport {
 **/
 private void updateReturnGoodsNumber(AfterSale afterSale) {
 //根据商品id及订单sn获取子订单
- OrderItem orderItem = orderItemService.getByOrderSnAndSkuId(afterSale.getOrderSn(), afterSale.getGoodsId());
+ OrderItem orderItem = orderItemService.getByOrderSnAndSkuId(afterSale.getOrderSn(), afterSale.getSkuId());
 orderItem.setReturnGoodsNumber(afterSale.getNum() + orderItem.getReturnGoodsNumber());
From f4a07b2911f64018fb3b71a1ae154ced31c07334 Mon Sep 17 00:00:00 2001
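Review bot: The result of `orderItemService.getByOrderSnAndSkuId(...)` in updateReturnGoodsNumber is dereferenced on the next line with no null check; if that lookup can return null when no order item matches the order SN and SKU id (its contract is not visible here), the refund path fails with a NullPointerException instead of a handled error. A guard such as `if (orderItem == null) { /* fail with the project's usual service exception */ }` before `setReturnGoodsNumber` would make the failure explicit. The comment `//根据商品id及订单sn获取子订单` still describes a lookup by goods id and should now say SKU id. The method body continues outside the hunk.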
From: paulGao
Date: Thu, 23 Dec 2021 19:22:00 +0800
Subject: [PATCH 4/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=96=87=E7=AB=A0?= =?UTF-8?q?=E5=86=85=E5=AE=B9=E7=BC=96=E8=BE=91=E6=97=A0=E6=A0=BC=E5=BC=8F?= =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../common/security/filter/XssHttpServletRequestWrapper.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index 3ce0a539..8b36dd74 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
@@ -2,7 +2,6 @@ package cn.lili.common.security.filter;
 import cn.hutool.core.text.CharSequenceUtil;
-import cn.hutool.http.HtmlUtil;
 import cn.hutool.json.JSONUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.owasp.html.Sanitizers;
@@ -268,7 +267,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 private String filterXss(String name, String value) {
 if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)) {
 // 忽略的处理,(过滤敏感字符)
- return HtmlUtil.unescape(HtmlUtil.filter(value));
+ return value;
 } else {
 return cleanXSS(value);
 }
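Review bot: The ignored branch of filterXss now returns `value` with no filtering at all, and because the guard is `containsAny(name.toLowerCase(Locale.ROOT), IGNORE_FIELD)` this applies to every parameter whose name merely contains `iv`, `mail` or `sell`, which is much wider than the article-content formatting fix the subject line describes. The list also mixes opaque values (`encrypted`, `iv`, `wechatpay`) with rich-text fields; I would match exact parameter names and keep raw pass-through only for the opaque ones. Rich-text fields could go through an allow-list policy from the already-imported `org.owasp.html.Sanitizers`, for example `Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).sanitize(value)`, which keeps formatting but drops script-bearing markup. The comment above the return still says the branch filters sensitive characters and should be updated, e.g. `// exempt field: returned unsanitized, consumers must encode on output`.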