修复安全问题
parent
da964ddd77
commit
4509931488
|
@ -108,7 +108,7 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
|||
public void index(HttpServletRequest req, HttpServletResponse resp) {
|
||||
Map map = BasicUtil.assemblyRequestMap();
|
||||
map.forEach((k,v)->{
|
||||
map.put(k,v.toString().replaceAll("('|\"|\\\\)","\\$1"));
|
||||
map.put(k,v.toString().replaceAll("('|\"|\\\\)","\\\\$1"));
|
||||
});
|
||||
map.put(ParserUtil.URL, BasicUtil.getUrl());
|
||||
//动态解析
|
||||
|
@ -140,6 +140,9 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
|||
@GetMapping("/list.do")
|
||||
public void list(HttpServletRequest req, HttpServletResponse resp) {
|
||||
Map map = BasicUtil.assemblyRequestMap();
|
||||
map.forEach((k,v)->{
|
||||
map.put(k,v.toString().replaceAll("('|\"|\\\\)","\\\\$1"));
|
||||
});
|
||||
//获取栏目编号
|
||||
int typeId = BasicUtil.getInt(ParserUtil.TYPE_ID,0);
|
||||
int size = BasicUtil.getInt(ParserUtil.SIZE,10);
|
||||
|
@ -205,7 +208,7 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
|||
}
|
||||
}
|
||||
|
||||
orderby= orderby.replaceAll("('|\"|\\\\)","\\$1");
|
||||
orderby= orderby.replaceAll("('|\"|\\\\)","\\\\$1");
|
||||
PageBean page = new PageBean();
|
||||
//用于详情上下页获取当前文章列表对应的分类,根据文章查询只能获取自身分类
|
||||
String typeId = BasicUtil.getString(ParserUtil.TYPE_ID,article.getContentCategoryId());
|
||||
|
@ -216,7 +219,7 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
|||
Map map = BasicUtil.assemblyRequestMap();
|
||||
map.forEach((k,v)->{
|
||||
//sql注入过滤
|
||||
map.put(k,v.toString().replaceAll("('|\"|\\\\)","\\$1"));
|
||||
map.put(k,v.toString().replaceAll("('|\"|\\\\)","\\\\$1"));
|
||||
});
|
||||
//动态解析
|
||||
map.put(ParserUtil.IS_DO,true);
|
||||
|
@ -340,7 +343,8 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
|||
if (field != null) {
|
||||
for (Map.Entry<String, Object> entry : field.entrySet()) {
|
||||
if (entry != null) {
|
||||
String value = entry.getValue().toString().replaceAll("('|\"|\\\\)","\\$1"); // 处理由get方法请求中文乱码问题
|
||||
String value = entry.getValue().toString().replaceAll("('|\"|\\\\)","\\\\$1"); // 处理由get方法请求中文乱码问题
|
||||
value=clearXss(value);
|
||||
if (ObjectUtil.isNull(value)) {
|
||||
continue;
|
||||
}
|
||||
|
@ -379,7 +383,8 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
|||
StringBuilder urlParams=new StringBuilder();
|
||||
searchMap.forEach((k,v)->{
|
||||
//sql注入过滤
|
||||
searchMap.put(k,v.toString().replaceAll("('|\"|\\\\)","\\$1"));
|
||||
searchMap.put(k,v.toString().replaceAll("('|\"|\\\\)","\\\\$1"));
|
||||
searchMap.put(k,clearXss(searchMap.get(k).toString()));
|
||||
urlParams.append(k).append("=").append(searchMap.get(k)).append("&");
|
||||
});
|
||||
|
||||
|
@ -443,6 +448,23 @@ public class MCmsAction extends net.mingsoft.cms.action.BaseAction {
|
|||
this.outString(response, content);
|
||||
}
|
||||
|
||||
// 清除路径中的转义字符
|
||||
private String clearXss(String value) {
|
||||
|
||||
if (value == null || "".equals(value)) {
|
||||
return value;
|
||||
}
|
||||
|
||||
value = value.replaceAll("<", "<").replaceAll(">", ">");
|
||||
value = value.replaceAll("\\(", "(").replace("\\)", ")");
|
||||
value = value.replaceAll("'", "'");
|
||||
value = value.replaceAll("eval\\((.*)\\)", "");
|
||||
value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']",
|
||||
"\"\"");
|
||||
value = value.replace("script", "");
|
||||
|
||||
return value;
|
||||
}
|
||||
|
||||
/**
|
||||
* 存储自定义模型字段和接口参数
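Review bot: The final `value = value.replace("script", "");` in the new clearXss method deletes that substring from every value it is given, so a legitimate field value or search term such as `description` or `subscription` arrives at the query and the rebuilt urlParams as `deion` / `subion`, and the preceding `value = value.replaceAll("eval\\((.*)\\)", "");` is greedy and will swallow everything up to the last `)` in the value. Substring deletion is not a dependable XSS control either, while the replacements on the lines above already neutralise `<`, `>`, `'` and the parentheses, so consider dropping the two deletion lines and relying on that encoding (or on output encoding in the templates), and replacing the `// 清除路径中的转义字符` comment, which describes path handling, with a Javadoc stating what the method actually does to the value. As rendered here `replaceAll("<", "<")`, `replaceAll("\\(", "(")` and `replaceAll("'", "'")` read as identity replacements, presumably because the HTML-entity targets were lost in rendering; worth confirming the committed source really encodes them, since otherwise the method does nothing apart from the deletions. Note also that clearXss is applied after the backslash escaping in the search hunks (`searchMap.put(k,v.toString().replaceAll("('|\"|\\\\)","\\\\$1"));`), so the ordering and the resulting stored form should be documented at the call sites.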
|
||||
|
|