添加XSS过滤
This commit is contained in:
sgjj
parent
ba7860c2d4
commit
279f96ffa4
|
|
@ -295,9 +295,7 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
|
|
||||||
Map<String, Object> map = new HashMap<>();
|
Map<String, Object> map = new HashMap<>();
|
||||||
// 读取请求字段
|
// 读取请求字段
|
||||||
Map<String, String[]> field = request.getParameterMap();
|
Map<String, Object> field = BasicUtil.assemblyRequestMap();
|
||||||
// 文章字段集合
|
|
||||||
Map<String, Object> articleFieldName = new HashMap<String, Object>();
|
|
||||||
// 自定义字段集合
|
// 自定义字段集合
|
||||||
Map<String, String> diyFieldName = new HashMap<String, String>();
|
Map<String, String> diyFieldName = new HashMap<String, String>();
|
||||||
CategoryEntity column = null; // 当前栏目
|
CategoryEntity column = null; // 当前栏目
|
||||||
|
|
@ -330,9 +328,9 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
|
|
||||||
// 遍历取字段集合
|
// 遍历取字段集合
|
||||||
if (field != null) {
|
if (field != null) {
|
||||||
for (Map.Entry<String, String[]> entry : field.entrySet()) {
|
for (Map.Entry<String, Object> entry : field.entrySet()) {
|
||||||
if (entry != null) {
|
if (entry != null) {
|
||||||
String value = entry.getValue()[0]; // 处理由get方法请求中文乱码问题
|
String value = entry.getValue().toString(); // 处理由get方法请求中文乱码问题
|
||||||
if (ObjectUtil.isNull(value)) {
|
if (ObjectUtil.isNull(value)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
@ -380,7 +378,7 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
||||||
} catch (IOException e1) {
|
} catch (IOException e1) {
|
||||||
e1.printStackTrace();
|
e1.printStackTrace();
|
||||||
}
|
}
|
||||||
Map<String, Object> searchMap = BasicUtil.assemblyRequestMap();
|
Map<String, Object> searchMap = field;
|
||||||
searchMap.forEach((k,v)->{
|
searchMap.forEach((k,v)->{
|
||||||
//sql注入过滤
|
//sql注入过滤
|
||||||
if(sqlFilter(v.toString())){
|
if(sqlFilter(v.toString())){
|
||||||
|
|
|
||||||
|
|
@ -89,18 +89,17 @@ public class WebConfig implements WebMvcConfigurer {
|
||||||
beanTypeAutoProxyCreator.setInterceptorNames("druidStatInterceptor");
|
beanTypeAutoProxyCreator.setInterceptorNames("druidStatInterceptor");
|
||||||
return beanTypeAutoProxyCreator;
|
return beanTypeAutoProxyCreator;
|
||||||
}
|
}
|
||||||
// XSS过滤器
|
//XSS过滤器
|
||||||
// @Bean
|
@Bean
|
||||||
// public FilterRegistrationBean xssFilterRegistration() {
|
public FilterRegistrationBean xssFilterRegistration() {
|
||||||
// XSSEscapeFilter xssFilter = new XSSEscapeFilter();
|
XSSEscapeFilter xssFilter = new XSSEscapeFilter();
|
||||||
// FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
|
FilterRegistrationBean registration = new FilterRegistrationBean(xssFilter);
|
||||||
// xssFilter.excludes.add(".*file/upload.do");
|
xssFilter.includes.add(".*/search.do");
|
||||||
// xssFilter.excludes.add(".*/jsp/editor.do");
|
registration.setName("XSSFilter");
|
||||||
// xssFilter.excludes.add(".*/?(jpg|js|css|gif|png|ico)$");
|
registration.addUrlPatterns("/*");
|
||||||
// xssFilter.excludes.add("/");
|
registration.setOrder(Ordered.HIGHEST_PRECEDENCE);
|
||||||
// registration.addUrlPatterns("/*");
|
return registration;
|
||||||
// return registration;
|
}
|
||||||
// }
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* RequestContextListener注册
|
* RequestContextListener注册
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@
|
||||||
<div class="ms-content-main-list" id="ms-content-search">
|
<div class="ms-content-main-list" id="ms-content-search">
|
||||||
<div class="ms-content-main-div">
|
<div class="ms-content-main-div">
|
||||||
<div class="ms-content-main-div-prompt">您搜索的关键字
|
<div class="ms-content-main-div-prompt">您搜索的关键字
|
||||||
<span>{ms:search.basic_title/}</span>
|
<span>{ms:search.content_title/}</span>
|
||||||
<!-- 共7个结果 -->
|
<!-- 共7个结果 -->
|
||||||
</div>
|
</div>
|
||||||
<ul class="ms-content-main-ul">
|
<ul class="ms-content-main-ul">
|
||||||
|
|
@ -55,12 +55,12 @@ new Vue({
|
||||||
pageNo = pageNo -1==0 ? 1 : pageNo-1;//上一页
|
pageNo = pageNo -1==0 ? 1 : pageNo-1;//上一页
|
||||||
}
|
}
|
||||||
window.location.href="{ms:global.host/}/cms/1/search.do?basic_title={ms:search.basic_title/}&pageNo="+pageNo;
|
window.location.href="{ms:global.host/}/cms/1/search.do?basic_title={ms:search.basic_title/}&pageNo="+pageNo;
|
||||||
window.event.returnValue=false;
|
window.event.returnValue=false;
|
||||||
},
|
},
|
||||||
//首页和尾页
|
//首页和尾页
|
||||||
indexAndLast:function(pageNo){
|
indexAndLast:function(pageNo){
|
||||||
window.location.href="{ms:global.host/}/cms/1/search.do?basic_title={ms:search.basic_title/}&pageNo="+pageNo;
|
window.location.href="{ms:global.host/}/cms/1/search.do?basic_title={ms:search.basic_title/}&pageNo="+pageNo;
|
||||||
window.event.returnValue=false;
|
window.event.returnValue=false;
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|
@ -68,4 +68,4 @@ new Vue({
|
||||||
$('.ms-content-main-page').remove();
|
$('.ms-content-main-page').remove();
|
||||||
$('.ms-content-main-ul').before("<div class='ms-content-main-div-nothing'>没找到相关记录</div>")
|
$('.ms-content-main-ul').before("<div class='ms-content-main-div-nothing'>没找到相关记录</div>")
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue